4440 matches found
CVE-2021-36389
CVE-2021-36389 affects Yellowfin prior to 9.6.1, where an Insecure Direct Object Reference on the MIImage.i4 page allows enumeration and download of uploaded images. The vulnerability arises from unauthorized access to image resources via a crafted HTTP GET request, enabling disclosure of uploade...
CVE-2021-36388
Yellowfin before 9.6.1 is affected by an Insecure Direct Object Reference that allows enumeration and download of user profile pictures via the MIIAvatarImage.i4 page. Affected version: Yellowfin prior to 9.6.1. Root cause: insecure access to user avatars. Impact: potential exposure of profile im...
CVE-2021-36388
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4"...
CVE-2021-36388
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4"...
Yellowfin Business Intelligence Yellowfin 代码注入漏洞
An insecure direct object reference vulnerability exists in versions of Yellowfin prior to 9.6.1, a business intelligence automated analytics, cross-vendor narrative and collaboration software suite. An attacker could exploit the vulnerability by sending a specially crafted HTTP GET request to th...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference Vulnerabilities
Yellowfin versions prior to 9.6.1 suffer from persistent cross site scripting and insecure direct object reference vulnerabilities. YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference
YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected Products and Versions: =============================== Yellowfin 9.6.1 CVEID: ====== CVE-2021-36387 CVSSv3.1 Score: =============== 5.4...
PT-2021-21266 · Yellowfin · Yellowfin
Name of the Vulnerable Software and Affected Versions: Yellowfin versions prior to 9.6.1 Description: The issue allows enumeration and download of users' profile pictures through an Insecure Direct Object Reference vulnerability. This can be exploited by sending a specially crafted HTTP GET reque...
CVE-2021-39889
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...
CVE-2021-39889
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...
UBUNTU-CVE-2021-39889
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...
CVE-2021-39889
Removed by vendor...
PT-2021-22735 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.1 and later Description: The issue is related to an insecure direct object reference vulnerability. An endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the...
CVE-2021-37777
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference IDOR. Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...
CVE-2021-37777
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference IDOR. Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...
Information disclosure
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference IDOR. Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...
CVE-2021-37777
The CVE-2021-37777 entry concerns Gila CMS 2.2.0, where an Insecure Direct Object Reference allows information disclosure. The issue arises via thumbnail access: thumbnails uploaded by one site owner can be accessed by another site owner by knowing the site name and fuzzing for image names. This ...
CVE-2021-37777
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference IDOR. Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...
College Management System 1.0 Insecure Direct Object Reference
Exploit Title: college management system - Add admin Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version: 1.0 Teste...
CVE-2021-41298
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden...