4430 matches found
CVE-2021-37212
The bulletin function of Flygo contains Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content...
CVE-2021-37214
The employee management page of Flygo contains Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee's data, modify it, and then obtain administrator...
Cross site request forgery (csrf)
Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...
Design/Logic Flaw
The bulletin function of Flygo contains Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content...
Command injection
The employee management page of Flygo contains Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee's data, modify it, and then obtain administrator...
CVE-2021-37215
The CVE-2021-37215 entry describes an Insecure Direct Object Reference (IDOR) in Flygo’s employee management page. After authenticating as a general user, an attacker can manipulate and overwrite another employee’s data by supplying that employee’s ID in an API parameter. Documents confirm this v...
CVE-2021-37215 Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-4
The employee management page of Flygo contains an Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee’s user data by specifying that employee’s ID in the API parameter...
CVE-2021-37213 Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-2
The check-in record page of Flygo contains Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee’s check-in record...
Larvata Flygo 安全漏洞
Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker, after authenticating as a normal user, to manipulate the announcement ID in a specific Url parameter to access...
CVE-2021-24473
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the uploadimage capability by default author and above to change and delete the profile pictures of other users including those with higher roles...
WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability
Authenticated Insecure Direct Object References IDOR vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...
CVE-2021-32744
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to...
CVE-2021-32744 Unauthenticated attacker could gain access to currently open files
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to...
Sourcecodester Phone Shop Sales Management System has an unspecified vulnerability
SourceCodester Phone Shop Sales Managements System is a PHP project by SourceCodester, Inc. to manage phone store sales transactions. A security vulnerability exists in Sourcecodester Phone Shop Sales Managements System, which stems from the fact that Sourcecodester Phone Shop Sales Managements...
WordPress Workreap premium theme <= 2.2.1 - Multiple Cross-Site Scripting (CSRF) + Insecure Direct Object References (IDOR) vulnerabilities
Multiple Cross-Site Scripting CSRF + Insecure Direct Object References IDOR vulnerabilities discovered by Harald Eilertsen Jetpack in WordPress Workreap premium theme versions = 2.2.1. Solution Update the WordPress Workreap premium theme to the latest available version at least 2.2.2...
Workreap < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities
Several AJAX actions available in the theme lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary object...
Workreap < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities
Several AJAX actions available in the theme lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary object...
Atlassian Jira 8.6.x < 8.13.2 Insecure Direct Object References
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10 or 8.6.x 8.13.2. It is, therefore, affected by an Insecure Direct Object References IDOR vulnerability allowing remote attackers to view the metadata of boards they...
Atlassian Jira < 8.5.10 Insecure Direct Object References
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10 or 8.6.x 8.13.2. It is, therefore, affected by an Insecure Direct Object References IDOR vulnerability allowing remote attackers to view the metadata of boards they...
CVE-2021-35337
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference IDOR. Any attacker will be able to see the invoices of different users by changing the id parameter...