4430 matches found

NVD, added 2021/07/01 2:15 p.m., 11 views

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter...

CVSS 4.3, EPSS 0.00818
Exploits 1, References 1
Prion, added 2021/07/01 2:15 p.m., 14 views

Design/Logic Flaw

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter...

CVSS 4, AI score 4.6, EPSS 0.00818
Exploits 1, References 1, Affected Software 1
CVE, added 2021/07/01 1:15 p.m., 54 views

CVE-2021-35337

SourceCodester Phone Shop Sales Management System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). The root cause is improper access control that lets an attacker change the id parameter to view invoices of other users. Reported across multiple sources (NVD entry CVE-2021-35337; CNVD...

CVSS 4.3, AI score 4.5, EPSS 0.00818
Exploits 1, References 1, Affected Software 1
Cvelist, added 2021/07/01 1:15 p.m., 17 views

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter...

AI score 4.9, EPSS 0.00818
Exploits 1, References 1
Packet Storm, added 2021/06/14 12:00 a.m., 228 views

Accela Civic Platform 21.1 Insecure Direct Object Reference

Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR). Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE: CVE-2021-34369...

AI score 6.6, EPSS 0.08236
Exploits 4
Exploit DB, added 2021/06/14 12:00 a.m., 255 views

Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)

Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR). Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE: CVE-2021-34369...

CVSS 6.5, AI score 6.5, EPSS 0.08236
Exploits 4
OSV, added 2021/06/10 3:15 p.m., 2 views

CVE-2021-31927

An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2...

CVSS 4.3, AI score 5.8, EPSS 0.00506
Exploits 0, References 2
CVE, added 2021/06/10 2:58 p.m., 33 views

CVE-2021-31927

CVE-2021-31927 describes an Insecure Direct Object Reference (IDOR) in Annex Cloud Loyalty Experience Platform versions earlier than 2021.1.0.1, allowing any authenticated user to modify existing users across environments/clients. The issue is fixed in 2021.1.0.2. Affected component: Annex Cloud ...

CVSS 4.3, AI score 4.5, EPSS 0.00506
Exploits 0, References 2, Affected Software 1
CNNVD, added 2021/06/10 12:00 a.m., 3 views

Annex Cloud Loyalty Experience Platform security vulnerability

Loyalty Experience Platform is Annex Cloud's platform that combines best-in-class program management capabilities with powerful engagement modules. A security vulnerability exists in Annex Cloud Loyalty Experience Platform that stems from an IDOR (Insecure Direct Object Reference) vulnerability in...

CVSS 4.3, AI score 5.2, EPSS 0.00506
Exploits 0, References 3
CNNVD, added 2021/06/01 12:00 a.m., 3 views

WordPress plugin access control error vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform runs on PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source application plugin for WordPress. Listeo WordPress has a security vulnerability before...

CVSS 6.5, AI score 5.8, EPSS 0.00986
Exploits 2, References 2
Positive Technologies, added 2021/06/01 12:00 a.m., 1 view

PT-2021-15855 · WordPress · Listeo

Name of the Vulnerable Software and Affected Versions: Listeo WordPress theme versions prior to 1.6.11. Description: The issue allows any authenticated user to delete arbitrary pages/posts and bookings via an IDOR vector because it does not ensure that the post/page and booking to be deleted belo...

CVSS 6.5, AI score 6.4, EPSS 0.00986
Exploits 2, References 7
Pen Test Partners Blog, added 2021/05/14 5:11 a.m., 132 views

Echelon PII Leak and Disclosure Fail

Echelon Fitness is a competitor to companies such as Peloton. You buy the hardware, quickly assemble it, buy a subscription, use a built-in or external smart device and you do your exercise thing! However, their API had significantly worse security flaws than those we found in Peloton...

AI score 6.6
Exploits 0
ALT Linux, added 2021/04/14 12:00 a.m., 22 views

Security fix for the ALT Linux 9 package glpi version 9.5.4-alt1

9.5.4-alt1, built April 14, 2021 by Pavel Zilke in task 269862. Changelog (March 31, 2021, Pavel Zilke): New version 9.5.4. This is a security release, upgrading is recommended. Security fixes: CVE-2021-21326 (Horizontal Privilege Escalation); CVE-2021-21255 (entities switch IDOR); CVE-2021-21258 (XSS)...

CVSS 5, AI score 6, EPSS 0.02252
Exploits 5
Patchstack, added 2021/03/30 12:00 a.m., 9 views

WordPress Realteo premium plugin <= 1.2.3 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References (IDOR) vulnerability discovered by m0ze in WordPress Realteo premium plugin versions <= 1.2.3. Solution: Update the WordPress Realteo premium plugin to the latest available version (at least 1.2.4)...

AI score 3.3
Exploits 0, References 1, Affected Software 1
Patchstack, added 2021/03/29 12:00 a.m., 16 views

WordPress Listeo premium theme <= 1.6.07 - Authenticated Multiple Insecure Direct Object References (IDOR) vulnerabilities

Multiple Insecure Direct Object References (IDOR) vulnerabilities discovered by m0ze (Patchstack Red Team) in the WordPress Listeo premium theme versions <= 1.6.07. Solution: Update the WordPress Listeo premium theme to the latest available version (at least 1.6.11)...

AI score 2.9
Exploits 0, References 1, Affected Software 1
Packet Storm, added 2021/03/19 12:00 a.m., 296 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insecure Direct Object Reference

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Improper Access Control (IDOR). Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk | http://www.jatontec.com/products/show.php?itemid=258...

AI score 7.4
Exploits 0
Zero Science Lab, added 2021/03/18 12:00 a.m., 247 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Improper Access Control (IDOR)

Summary: JT3500V is a highly advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

AI score 5.8
Exploits 0
Tenable Nessus, added 2021/03/10 12:00 a.m., 36 views

Adobe Bridge 11.x < 11.0.1 Multiple Vulnerabilities (APSB21-07)

The version of Adobe Bridge installed on the remote Windows host is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-07 advisory. - Adobe Bridge version 11.0 and earlier is affected by an out-of-bounds write vulnerability when parsing TTF files...

CVSS 7.8, AI score 8.2, EPSS 0.03361
Exploits 0, References 3
Tenable Nessus, added 2021/03/10 12:00 a.m., 37 views

Adobe Bridge 11.x < 11.0.1 Multiple Vulnerabilities (APSB21-07)

The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-07 advisory. - Adobe Bridge version 11.0 and earlier is affected by an out-of-bounds write vulnerability when parsing T...

CVSS 7.8, AI score 8.2, EPSS 0.03361
Exploits 0, References 3
NVD, added 2021/03/08 5:15 p.m., 14 views

CVE-2021-21324

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the abili...

CVSS 6.8, EPSS 0.01416
Exploits 1, References 3