
4429 matches found

OSV
added 2021/03/08 5:15 p.m. · 2 views

UBUNTU-CVE-2021-21324

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...

6.8 CVSS · 7.1 AI score · 0.01416 EPSS
Exploits: 1 · References: 5

Cvelist
added 2021/03/08 5:0 p.m. · 18 views

CVE-2021-21324 Insecure Direct Object Reference (IDOR) on "Solutions"

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...

6.8 CVSS · 6.8 AI score · 0.01416 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2021/03/08 12:0 a.m. · 3 views

PT-2021-14421 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue concerns an Insecure Direct Object Reference IDOR on "Solutions" in GLPI. This allows an unauthorized user to enumerate GLPI items names, including users' logins, using the knowbase search...

10 CVSS · 6.2 AI score · 0.99521 EPSS
Exploits: 32 · References: 127

OSV
added 2021/03/02 8:15 p.m. · 1 view

UBUNTU-CVE-2021-21255

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4...

5.8 CVSS · 7.1 AI score · 0.00854 EPSS
Exploits: 0 · References: 4

CNNVD
added 2021/03/02 12:0 a.m. · 3 views

GLPI Security Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

5.8 CVSS · 5.6 AI score · 0.00854 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2021/03/02 12:0 a.m. · 4 views

PT-2021-14365 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.3 Description: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI, it was possible to switch entities with IDOR from a...

10 CVSS · 6.3 AI score · 0.99521 EPSS
Exploits: 32 · References: 127

CNVD
added 2021/02/25 12:0 a.m. · 7 views

Nextcloud Deck Access Control Error Vulnerability (CNVD-2021-12652)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference IDOR. An attacker could exploit the...

4.3 CVSS · 6.5 AI score · 0.01339 EPSS
Exploits: 1 · References: 1

NVD
added 2021/02/23 7:15 p.m. · 13 views

CVE-2020-8297

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...

4.3 CVSS · 0.01339 EPSS
Exploits: 1 · References: 3

Prion
added 2021/02/23 7:15 p.m. · 16 views

Design/Logic Flaw

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...

4 CVSS · 4.6 AI score · 0.01339 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2021/02/23 6:28 p.m. · 56 views

CVE-2020-8297

CVE-2020-8297 affects Nextcloud Deck prior to 1.0.2, with an insecure direct object reference (IDOR) that lets a user with a duplicate username access deck data belonging to a previously deleted user. The issue stems from access control handling in the Deck app and is confirmed by multiple source...

4.3 CVSS · 4.5 AI score · 0.01339 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2021/02/23 12:0 a.m. · 4 views

Nextcloud Deck Security Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference IDOR. An attacker could exploit the...

4.3 CVSS · 5.8 AI score · 0.01339 EPSS
Exploits: 1 · References: 4

OSV
added 2021/02/18 2:15 p.m. · 1 view

CVE-2020-35577

In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference IDOR allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier aka CommonDownload identification number...

6.5 CVSS · 6.6 AI score · 0.01007 EPSS
Exploits: 0 · References: 2

NVD
added 2021/02/18 2:15 p.m. · 12 views

CVE-2020-35577

In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference IDOR allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier aka CommonDownload identification number...

6.5 CVSS · 0.01007 EPSS
Exploits: 0 · References: 2

Cvelist
added 2021/02/18 1:43 p.m. · 16 views

CVE-2020-35577

In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference IDOR allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier aka CommonDownload identification number...

6.5 AI score · 0.01007 EPSS
Exploits: 0 · References: 2

CVE
added 2021/02/18 1:43 p.m. · 35 views

CVE-2020-35577

Endalia Selection Portal (before 4.205.0) is affected by an Insecure Direct Object Reference (IDOR) vulnerability. Authenticated users can download any uploaded file by altering the file identifier (CommonDownload ID). This is the root cause described across multiple sources linked to CVE-2020-35...

6.5 CVSS · 6.4 AI score · 0.01007 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2021/02/15 4:15 p.m. · 1 view

CVE-2020-29031

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c...

8.1 CVSS · 7.3 AI score
Exploits: 0 · References: 1

Prion
added 2021/02/15 4:15 p.m. · 15 views

Design/Logic Flaw

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c...

5.5 CVSS · 8.2 AI score · 0.00747 EPSS
Exploits: 0 · References: 1 · Affected Software: 4

CVE
added 2021/02/15 3:52 p.m. · 46 views

CVE-2020-29031

CVE-2020-29031 affects Secomea GateManager web UI. An Insecure Direct Object Reference allows an authenticated attacker to reset the password of any user in its domain or sub-domain via privilege escalation, impacting GateManager versions prior to 9.2c. The issue is evidenced across multiple sour...

8.1 CVSS · 7.7 AI score · 0.00747 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/02/11 7:29 p.m. · 15 views

CVE-2021-21022 Magento Commerce Incorrect permissions Could Lead To Unauthorized Access

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object reference IDOR in the product module. Successful exploitation could lead to unauthorized access to restricted resources...

5.3 CVSS · 5.3 AI score · 0.02195 EPSS
Exploits: 0 · References: 1

OSV
added 2021/02/09 6:15 a.m. · 3 views

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

5.7 CVSS · 6.2 AI score · 0.00418 EPSS
Exploits: 0 · References: 1