CVE-2020-15958
CVE-2020-15958 affects 1CRM System up to version 8.6.7. It exposes an insecure direct object reference to internally stored files, enabling an unauthenticated remote attacker to access sensitive information via a predictable URL. The advisory in PacketStorm (ARA-2020-005) cites CVSS v3 score 8.6 ...
1CRM 8.6.7 Insecure Direct Object Reference
Security Advisory ARA-2020-005: Insecure Direct Object Reference CVE-2020-15958 Affected Products and Environments Product: 1CRM =8.6.7, confirmed for CRBM System ENT-8.6.5, CRBM System ENT-8.6.6 and Startup+ Edition 8.5.15 Environments: All host environments Security Risk Severity: High CVSS v3:...
New Relic: IDOR - User is able to download charts/dashboards from cross accounts
@k3ne described an issue where a user on an account could access data concerning dashboards for another user on the same account. While this appeared to be a cross-account access issue, both users on the account have access to the same data by design...
Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API
An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate an API parameter and gain access to the user group of the tenant of any other mysonicwall user account. CVE: N/A...
Design/Logic Flaw
Red Hat CloudForms 4.7 and 5 lead to insecure direct object references (IDOR) and a functional level access control bypass due to a missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within CloudForms...
CloudForms: Missing functional level access control & IDOR lead to compromise
A flaw was found in Red Hat CloudForms where sensitive data could have been leaked to other existing roles. An attacker with low privilege could make use of the EVM-Admin API if certain criteria are met, since there was no privilege check on the feature...
Online Shopping Alphaware 1.0 Insecure Direct Object Reference Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - 'Summary' Insecure Direct Object Reference Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Atlassian JIRA < 7.13.16 / 8.0.x < 8.5.7 / 8.6.x < 8.9.2 / 8.10.x < 8.10.1 Insecure Direct Object References (IDOR) (JRASERVER-71275)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by an Insecure Direct Object References (IDOR) vulnerability. Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a...
Spoofing
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before...
CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before...
Telerik UI for ASP.NET AJAX RadAsyncUpload Multiple Vulnerabilities
According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX is affected by multiple vulnerabilities in Telerik.Web.UI.dll : - An insecure direct object reference vulnerability due to user input used directly by RadAsyncUpload without modification or validation...
Lark Technologies: Messages disclosure via search feature of other users group(Cross-Tenant).
Due to an Insecure Direct Object Reference (IDOR) vulnerability identified within the message search function of Lark, an attacker could have potentially viewed messages, docs, and attachments shared in other users' groups. We thank @base64 for reporting this to our team and verifying the resolution...
Insecure Direct Object Reference
telerik.web.ui is vulnerable to insecure direct object reference. User input is not validated and is used directly by RadAsyncUpload without modification or validation. This can potentially result in arbitrary file uploads and execution of arbitrary code...
CVE-2020-13700
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...
Cross site request forgery (csrf)
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...
PT-2020-13654 · WordPress · Acf-To-Rest-Api
Name of the Vulnerable Software and Affected Versions: acf-to-rest-api plugin through 3.1.0 for WordPress Description: The issue allows an insecure direct object reference via permalinks manipulation. This can be demonstrated by a "wp-json/acf/v3/options/" request that reads sensitive information...
Information Exposure
An issue was discovered in the acf-to-rest-api plugin for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and password values...
Insecure Direct Object Reference
github.com/gogs/gogs is vulnerable to insecure direct object reference. A remote attacker is able to configure and set the primary email address of other users on their behalf...
Revisiting old tools
Many, many years ago I was onsite and noticed that a company's internal website had checked out their website using the subversion code versioning system. This subversion archive contained the site's web.config which has a set of credentials for SQL server, which through many steps led to domain...