Lucene search

4432 matches found

CNNVD
added 2021/09/27 12:00 a.m. | 2 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress plugin uListing is a directory and listing plugin based on Vue.js. WordPress plugin uListing 2.0.5 and earlier versions are vulnerable to an insecure direct object reference vulnerability. No detailed vulnerability details are currently available...

CVSS 8.8 | AI score 7.9 | EPSS 0.01064
Exploits: 1 | References: 3
OpenVAS
added 2021/09/22 12:00 a.m. | 16 views

ownCloud Insecure Direct Object Reference Vulnerability (oC-SA-2016-010)

ownCloud is prone to an insecure direct object reference vulnerability in the Gallery app.

CVSS 5.9 | AI score 5.8 | EPSS 0.01171
Exploits: 0 | References: 1
OpenVAS
added 2021/09/21 12:00 a.m. | 12 views

OpenEMR <= 7.0.0 IDOR Vulnerability

OpenEMR is prone to an insecure direct object reference (IDOR) vulnerability.

CVSS 6.5 | AI score 6.4 | EPSS 0.09709
Exploits: 4 | References: 1
OSV
added 2021/09/15 6:15 p.m. | 0 views

CVE-2021-29773

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability IDOR. IBM X-Force ID: 202865...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 2
CNNVD
added 2021/09/15 12:00 a.m. | 3 views

IBM Security Guardium Information Disclosure Vulnerability

IBM Security Guardium is a suite of platforms from IBM USA that provides data protection capabilities. The platform includes features such as customizable UI, report management and streamlined audit process building. IBM Security Guardium has a security vulnerability that could be exploited by a...

CVSS 5.5 | AI score 5.7 | EPSS 0.00659
Exploits: 0 | References: 4
OSV
added 2021/09/14 11:15 a.m. | 1 views

CVE-2021-40355

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The affected application contains Insecure Direct Object Reference IDOR vulnerability that allo...

CVSS 8.8 | AI score 5.7 | EPSS 0.00779
Exploits: 0 | References: 1
NVD
added 2021/09/14 11:15 a.m. | 15 views

CVE-2021-40355

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The affected application contains Insecure Direct Object Reference IDOR vulnerability that allo...

CVSS 8.8 | EPSS 0.00779
Exploits: 0 | References: 1
Prion
added 2021/09/14 11:15 a.m. | 16 views

Input validation

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The affected application contains Insecure Direct Object Reference IDOR vulnerability that allo...

CVSS 6.5 | AI score 8.5 | EPSS 0.00779
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/09/14 10:47 a.m. | 16 views

CVE-2021-40355

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The affected application contains Insecure Direct Object Reference IDOR vulnerability that allo...

AI score 8.7 | EPSS 0.00779
Exploits: 0 | References: 1
Packet Storm
added 2021/09/10 12:00 a.m. | 172 views

ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference

ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECO...

AI score 7.4
Exploits: 0
0day.today
added 2021/09/10 12:00 a.m. | 189 views

ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference

ECOA building automation systems suffer from authorization bypass and insecure direct object reference vulnerabilities. Many versions are affected. ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version...

AI score 0.4
Exploits: 0
OSV
added 2021/09/08 5:15 p.m. | 0 views

CVE-2021-33981

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1
CVE
added 2021/09/08 4:50 p.m. | 37 views

CVE-2021-33981

CVE-2021-33981 affects the Fish | Hunt FL iOS app (versions 3.8.0 and earlier). The issue is an insecure direct object vulnerability in the hunting/fishing license retrieval function, allowing a remote authenticated attacker to access other users’ personal information and license images. Root cau...

CVSS 4.3 | AI score 4 | EPSS 0.00785
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2021/09/08 12:00 a.m. | 2 views

Fish Hunt FL Information Disclosure Vulnerability

Fish Hunt FL is used to manage Florida hunting and fishing licenses. An information disclosure vulnerability exists in Fish Hunt FL that stems from an insecure direct object vulnerability in the hunting/fishing license retrieval functionality of the Fish | Hunt FL iOS app version 3.8.0 release an...

CVSS 4.3 | AI score 5.2 | EPSS 0.00785
Exploits: 0 | References: 1
0day.today
added 2021/09/06 12:00 a.m. | 139 views

OpenEMR 6.0.0 - (noteid) Insecure Direct Object Reference Vulnerability

Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference IDOR Exploit Author: Allen Enosh Upputori Vendor Homepage: https://www.open-emr.org Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: 6.0.0 Tested on: Linux CVE : CVE-2021-40352 How to Reproduc...

CVSS 6.5 | EPSS 0.09709
Exploits: 4
Packet Storm
added 2021/09/06 12:00 a.m. | 171 views

Bus Pass Management System 1.0 Insecure Direct Object Reference

Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references IDOR Date: 2021-09-05 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...

AI score 7.4
Exploits: 0
Exploit DB
added 2021/09/06 12:00 a.m. | 238 views

OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)

Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference IDOR Date: 31/08/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://www.open-emr.org Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: 6.0.0 Tested on: Linux CVE : CVE-2021-4035...

CVSS 6.5 | AI score 6.5 | EPSS 0.09709
Exploits: 4
OSV
added 2021/09/01 3:15 p.m. | 19 views

CVE-2021-36032

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privile...

CVSS 8.8 | AI score 6.3
Exploits: 0 | References: 1
NVD
added 2021/09/01 1:15 p.m. | 29 views

CVE-2021-40352

OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...

CVSS 6.5 | EPSS 0.09709
Exploits: 4 | References: 3
OSV
added 2021/09/01 1:15 p.m. | 16 views

CVE-2021-40352

OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...

CVSS 6.5 | AI score 6.7 | EPSS 0.09709
Exploits: 4 | References: 3