4440 matches found
CVE-2021-33981
CVE-2021-33981 affects the Fish | Hunt FL iOS app (versions 3.8.0 and earlier). The issue is an insecure direct object vulnerability in the hunting/fishing license retrieval function, allowing a remote authenticated attacker to access other users’ personal information and license images. Root cau...
Fish Hunt FL Information Disclosure Vulnerability
Fish Hunt FL is used to manage Florida hunting and fishing licenses. An information disclosure vulnerability exists in Fish Hunt FL that stems from an insecure direct object vulnerability in the hunting/fishing license retrieval functionality of the Fish | Hunt FL iOS app version 3.8.0 release an...
OpenEMR 6.0.0 - (noteid) Insecure Direct Object Reference Vulnerability
Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference IDOR Exploit Author: Allen Enosh Upputori Vendor Homepage: https://www.open-emr.org Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: 6.0.0 Tested on: Linux CVE : CVE-2021-40352 How to Reproduc...
Bus Pass Management System 1.0 Insecure Direct Object Reference
Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references IDOR Date: 2021-09-05 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference IDOR Date: 31/08/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://www.open-emr.org Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: 6.0.0 Tested on: Linux CVE : CVE-2021-4035...
CVE-2021-36032
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privile...
CVE-2021-40352
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
Design/Logic Flaw
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
CVE-2021-40352
OpenEMR 6.0.0 is affected by CVE-2021-40352 due to an insecure direct object reference in pnotes_print.php?noteid= that allows reading other users’ messages (IDOR). Exploitation PoCs exist (e.g., PoC notes/public exploits show changing noteid to access others’ messages, including admin messages)....
OpenEMR 6.0.0 Insecure Direct Object Reference
Exploit Title: OpenEMR 6.0.0 - Insecure direct object references Date: 31/8/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://community.open-emr.org Version: 6.0.0 Tested on: Linux CVE: 2021-40352 PoC: An attacker who has Physician Access can read messages which were sent to other...
Insecure direct object reference of log files of the Import/Export feature
Impact Insecure direct object reference of log files of the Import/Export feature Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6...
GHSA-54GP-QFF8-946C Insecure direct object reference of log files of the Import/Export feature
Impact Insecure direct object reference of log files of the Import/Export feature Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6...
Tecknodreams SapphireIMS Insecure Direct Object Reference Vulnerability
Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. A security vulnerability exists in Tecknodreams SapphireIMS 40971. The vulnerability stems from an insecure direct object reference in the local user creation function. An attack...
Shopware has an unspecified vulnerability
Shopware is an open source e-commerce software. The import/export functionality in versions of Shopware prior to 6.4.3.1 is vulnerable to insecure direct object referencing of log files. No detailed vulnerability details are currently available...
CVE-2021-37709
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
Design/Logic Flaw
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
CVE-2021-37709 Insecure direct object reference of log files of the Import/Export feature
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
Shopware Log Information Disclosure Vulnerability
Shopware is an open source e-commerce software. The import/export functionality in versions of Shopware prior to 6.4.3.1 is vulnerable to insecure direct object referencing of log files. No detailed vulnerability details are currently available...