
4440 matches found

Prion
added 2022/02/02 6:15 p.m. | 19 views

Design/Logic Flaw

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer...

CVSS 6.4 | AI score 9.1 | EPSS 0.0206
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2022/02/02 5:23 p.m. | 58 views

CVE-2021-42642

The CVE-2021-42642 entry describes a vulnerability in PrinterLogic Web Stack versions 19.1.1.13 SP9 and below, due to an Insecure Direct Object Reference (IDOR) that could disclose the plaintext console username and password for a printer. Affected product: PrinterLogic Web Stack. Root cause: IDO...

CVSS 7.5 | AI score 7.5 | EPSS 0.01387
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2022/02/02 5:21 p.m. | 66 views

CVE-2021-42641

CVE-2021-42641 affects PrinterLogic Web Stack versions 19.1.1.13 SP9 and earlier. It is described as an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the usernames and email addresses of all users. The NVD entry provides a CVSS v3.1 base...

CVSS 7.5 | AI score 7.5 | EPSS 0.0206
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2022/02/02 5:18 p.m. | 58 views

CVE-2021-42640

CVE-2021-42640 affects PrinterLogic Web Stack versions 19.1.1.13 SP9 and below. The vulnerability is an Insecure Direct Object Reference (IDOR) that allows an unauthenticated attacker to reassign drivers for any printer. Root cause details indicate improper access control on object references. Im...

CVSS 9.1 | AI score 9.2 | EPSS 0.0206
Exploits: 1 | References: 7 | Affected Software: 1

ATTACKERKB
added 2022/01/27 6:15 a.m. | 2 views

CVE-2022-22828

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string...

CVSS 7.5 | AI score 7.2 | EPSS 0.02041
Exploits: 1 | References: 3

CVE
added 2022/01/27 5:41 a.m. | 51 views

CVE-2022-22828

Synametrics SynaMan prior to version 5.0 is affected by CVE-2022-22828 due to an insecure direct object reference in the file-download URL. An attacker can access unshared files by modifying the base64-encoded filename string, enabling remote file disclosure. The vulnerability is exposed via the ...

CVSS 7.5 | AI score 7.4 | EPSS 0.02041
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2022/01/27 12:0 a.m. | 3 views

Synametrics Technologies SynaMan Information Disclosure Vulnerability

Synametrics Technologies SynaMan is a remote file manager from Synametrics Technologies, USA. Synametrics Technologies SynaMan suffers from an information disclosure vulnerability that stems from an insecure direct object reference to a file download URL in SynaMan prior to 5.0. An attacker can...

CVSS 7.5 | AI score 7.5 | EPSS 0.02041
Exploits: 1 | References: 4

Huntr
added 2022/01/17 8:54 a.m. | 23 views

in livehelperchat/livehelperchat

Description: LiveHelperChat is vulnerable to Insecure Direct Object Reference / IDOR vulnerability. The system's authorization functionality does not prevent one user from deleting another user by modifying the userid identifying the user. Each user has a userid 1,2,3,.... A malicious authorized...

CVSS 6 | EPSS 0.01086
Exploits: 1 | References: 1

Packet Storm
added 2022/01/05 12:0 a.m. | 233 views

Hospitals Patient Records Management System 1.0 Account TakeOver

Exploit Title: Hospitals Patient Records Management System 1.0 - Account TakeOver
Date: 30/12/2021
Exploit Author: twseptian
Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html
Software Link:...

AI score 0.1
Exploits: 0

NVD
added 2021/11/23 8:15 p.m. | 19 views

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVSS 8.8 | EPSS 0.01798
Exploits: 1 | References: 2

OSV
added 2021/11/23 8:15 p.m. | 15 views

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVSS 8.8 | AI score 6.8
Exploits: 0 | References: 2

Prion
added 2021/11/23 8:15 p.m. | 16 views

Design/Logic Flaw

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVSS 6.5 | AI score 8.4 | EPSS 0.01798
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2021/11/23 7:16 p.m. | 75 views

CVE-2021-24892

The CVE-2021-24892 issue affects WordPress Advanced Forms (Free & Pro) prior to 1.6.9. Affected component: edit function handling user email updates via insecure direct object reference (IDOR). Root cause: authenticated users can exploit IDOR to modify arbitrary users’ email addresses and trigger...

CVSS 8.8 | AI score 8.6 | EPSS 0.01798
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/11/23 7:16 p.m. | 22 views

CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

AI score 8.7 | EPSS 0.01798
Exploits: 1 | References: 2

NVD
added 2021/11/10 5:15 p.m. | 21 views

CVE-2021-3380

Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

CVSS 6.5 | EPSS 0.01342
Exploits: 1 | References: 4

Prion
added 2021/11/10 5:15 p.m. | 10 views

Design/Logic Flaw

Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

CVSS 4 | AI score 6.2 | EPSS 0.01342
Exploits: 1 | References: 4

CVE
added 2021/11/10 4:30 p.m. | 38 views

CVE-2021-3380

CVE-2021-3380 is an IDOR vulnerability in the ICREM H8 SSRMS Print Invoice functionality. The root cause is insecure direct object reference, allowing disclosure of sensitive information. The description is confirmed across multiple sources (NVD, RH, CVE list, CNNVD). No concrete patch/version re...

CVSS 6.5 | AI score 6.2 | EPSS 0.01342
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2021/11/10 4:30 p.m. | 31 views

CVE-2021-3380

Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

AI score 6.4 | EPSS 0.01342
Exploits: 1 | References: 4

Hacker One
added 2021/11/05 10:43 p.m. | 105 views

TikTok: IDOR the ability to view support tickets of any user on seller platform

Due to an Insecure Direct Object Reference (IDOR) vulnerability, an attacker could have potentially viewed support tickets on seller platform. We thank @lewaperbb for reporting this to our team...

AI score 2.7
Exploits: 0

OSV
added 2021/10/26 5:15 a.m. | 2 views

CVE-2021-41306

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version...

CVSS 7.5 | AI score 5.8 | EPSS 0.0157
Exploits: 0 | References: 1