4441 matches found

OSV
added 2023/01/17 9:15 p.m. · 1 views

CVE-2022-40319

The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account...

CVSS 7.5 · AI score 5.8 · EPSS 0.07195
Exploits: 4 · References: 2
Cvelist
added 2023/01/17 12:00 a.m. · 47 views

CVE-2022-40319

The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account...

AI score 7.6 · EPSS 0.07195
Exploits: 4 · References: 2
Packet Storm
added 2023/01/17 12:00 a.m. · 262 views

LISTSERV 17 Insecure Direct Object Reference

Exploit Title: LISTSERV 17 - Insecure Direct Object Reference (IDOR); Exploit Author: Shaunt D; Vendor Homepage: https://www.lsoft.com/; Version: 17; Tested on: Windows Server 2019; CVE: CVE-2022-40319. Steps to replicate: 1. Create two accounts on your LISTSERV 17 installation, logging into each one in ...

AI score 7.8 · EPSS 0.07195
Exploits: 4
CNNVD
added 2023/01/17 12:00 a.m. · 4 views

L-Soft LISTSERV Security Vulnerability

L-Soft LISTSERV is a suite of e-mail list management software from L-Soft. A security vulnerability exists in L-Soft LISTSERV version 17. An attacker could exploit the vulnerability to conduct an insecure direct object reference (IDOR) attack via a modified email address in the wa.exe URL...

CVSS 7.5 · AI score 7.3 · EPSS 0.07195
Exploits: 4 · References: 5
Positive Technologies
added 2023/01/17 12:00 a.m. · 3 views

PT-2023-13785 · L Soft · Listserv 17

Name of the Vulnerable Software and Affected Versions: LISTSERV 17. Description: The LISTSERV 17 web interface is affected by an issue that allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks. This is achieved via a modified email address in a "wa.exe" URL, resulting ...

CVSS 7.5 · AI score 7.4 · EPSS 0.07195
Exploits: 4 · References: 6
EUVD
added 2023/01/17 12:00 a.m. · 3 views

EUVD-2022-43610

The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account...

CVSS 7.5 · AI score 7.4 · EPSS 0.07195
Exploits: 4 · References: 2
Packet Storm
added 2023/01/10 12:00 a.m. · 215 views

Dcastalia CMS 1.2 Insecure Direct Object Reference

Title: Dcastalia CMS v1.2 Unauthorized administrative access Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...

AI score 7.4
Exploits: 0
Patchstack
added 2023/01/05 12:00 a.m. · 6 views

WordPress WooCommerce Eway Gateway Plugin <= 3.5.0 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce Eway Gateway; Type: Plugin; Vulnerable versions: <= 3.5.0; Fixed in: 3.5.1; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: N/A; Patch priority: Low; CVSS severity: Low (6.3); PSID: 9e6ef9dda0ad; Credits: WordfenceTeam...

AI score 6.8
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/01/02 10:15 p.m. · 2 views

CVE-2022-4340

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...

CVSS 5.3 · AI score 5.8 · EPSS 0.00669
Exploits: 2 · References: 1
NVD
added 2023/01/02 10:15 p.m. · 20 views

CVE-2022-4340

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...

CVSS 5.3 · AI score 5.2 · EPSS 0.00669
Exploits: 2 · References: 1
Vulnrichment
added 2023/01/02 9:49 p.m. · 5 views

CVE-2022-4340 BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query...

AI score 5.2 · EPSS 0.00669
Exploits: 2 · References: 1
Veracode
added 2023/01/02 2:16 p.m. · 14 views

Insecure Direct Object References (IDOR)

github.com/usememos/memos is vulnerable to insecure direct object references. Comparison of object references instead of object contents due to insecure direct object references allows an attacker to delete the victim's resources...

CVSS 6.5 · AI score 6.3 · EPSS 0.00578
Exploits: 1 · References: 4 · Affected Software: 1
Veracode
added 2023/01/02 2:06 p.m. · 17 views

Improper Authorization

github.com/usememos/memos is vulnerable to improper authorization. The library uses insecure direct object references which allows an attacker to access all private memos of a user and edit them...

CVSS 8.3 · AI score 5.5 · EPSS 0.00564
Exploits: 1 · References: 5 · Affected Software: 1
Veracode
added 2023/01/02 1:19 p.m. · 13 views

Insecure Direct Object References (IDOR)

github.com/usememos/memos is vulnerable to insecure direct object references. Improper Authorization due to insecure direct object references allows an attacker to trigger the Reset API on a user's behalf...

CVSS 5.3 · AI score 5.5 · EPSS 0.00702
Exploits: 1 · References: 5 · Affected Software: 1
Veracode
added 2023/01/02 10:09 a.m. · 23 views

Insecure Direct Object References (IDOR)

github.com/usememos/memos is vulnerable to insecure direct object references. The vulnerability allows an attacker to delete all the available memos (Public/Private) in the entire application, since the memo ID is numeric and sequentially incremented, which makes it easy to guess and perform the attack...

CVSS 5.3 · AI score 5.4 · EPSS 0.00756
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/01/02 12:00 a.m. · 3 views

PT-2023-14197 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.31 Description: The issue allows any visitor to display information about any booking by manipulating the appointment id query parameter in the thank you page, potentially exposing full name...

CVSS 5.3 · AI score 5.1 · EPSS 0.00669
Exploits: 2 · References: 5
CNNVD
added 2022/12/28 12:00 a.m. · 2 views

memos Authorization Issue Vulnerability

memos is an open source hosted memo center with knowledge management and social features. A vulnerability in authorization issues exists in versions of memos prior to 0.9.1, which can be exploited by an attacker to reset any user's API via IDOR...

CVSS 8.6 · AI score 7 · EPSS 0.00702
Exploits: 1 · References: 3
CNNVD
added 2022/12/28 12:00 a.m. · 2 views

memos Authorization Issue Vulnerability

memos is an open source hosted memo center with knowledge management and social features. A vulnerability in authorization issues exists in versions prior to memos 0.9.1, which can be exploited by an attacker to archive any post (public/private) using IDOR...

CVSS 8.2 · AI score 6.8 · EPSS 0.00681
Exploits: 1 · References: 3
CNNVD
added 2022/12/28 12:00 a.m. · 4 views

memos Access Control Error Vulnerability

memos is an open source hosted memo center with knowledge management and social features. An Access Control Error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to obtain all files in any user's resources and delete any file of any user via IDOR...

CVSS 8.8 · AI score 7.6 · EPSS 0.00811
Exploits: 1 · References: 3
CNNVD
added 2022/12/28 12:00 a.m. · 2 views

memos Access Control Error Vulnerability

memos is an open source hosted memo center with knowledge management and social features. An access control error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to IDOR other public and private memos...

CVSS 8.2 · AI score 6.8 · EPSS 0.00756
Exploits: 1 · References: 5