
4429 matches found

Tenable Nessus
added 2020/05/26 12:0 a.m. | 32 views

openSUSE Security Update : nextcloud (openSUSE-2020-670)

This update for nextcloud to 18.0.4 fixes the following issues : Security issues fixed : - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe device...

CVSS 7.7 | AI score 6.5 | EPSS 0.01773
Exploits: 1 | References: 4

OpenVAS
added 2020/05/23 12:0 a.m. | 30 views

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2020:0670-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.7 | AI score 6.6 | EPSS 0.01773
Exploits: 1 | References: 2

CNVD
added 2020/05/14 12:0 a.m. | 6 views

Nextcloud Server Insecure Direct Object Reference Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An insecure direct object reference vulnerability exists in Nextcloud Server version 18.0.2. The vulnerability stems from the program's failure to perform...

CVSS 7.7 | AI score 6.6 | EPSS 0.01773
Exploits: 1 | References: 1

OpenVAS
added 2020/05/13 12:0 a.m. | 28 views

Nextcloud Server 17.x < 17.0.5, 18.x < 18.0.3 Insecure Direct Object Reference Vulnerability (NC-SA-2020-018)

Nextcloud Server is prone to an insecure direct object reference vulnerability due to a missing ownership check on remote wipe endpoint. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right...

CVSS 7.7 | AI score 7.6 | EPSS 0.01773
Exploits: 1 | References: 1

OSV
added 2020/05/12 1:15 p.m. | 26 views

CVE-2020-8154

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint...

CVSS 7.7 | AI score 6.7
Exploits: 0 | References: 7

Prion
added 2020/05/12 1:15 p.m. | 19 views

Design/Logic Flaw

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint...

CVSS 6.8 | AI score 7.4 | EPSS 0.01773
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2020/05/12 1:1 p.m. | 37 views

CVE-2020-8154

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint...

AI score 7.5 | EPSS 0.01773
Exploits: 1 | References: 7

CVE
added 2020/05/12 1:1 p.m. | 147 views

CVE-2020-8154

CVE-2020-8154 is an Insecure Direct Object Reference in Nextcloud Server (noted against 18.0.x) that allowed an attacker to remotely wipe other users’ devices via a crafted request to the affected endpoint. Publicly referenced advisories (openSUSE/OpenSUSE-SU-2020:0670-1 and openSUSE-670) associa...

CVSS 7.7 | AI score 7.4 | EPSS 0.01773
Exploits: 1 | References: 7 | Affected Software: 1

Hacker One
added 2020/05/07 11:27 p.m. | 89 views

Topcoder: IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter

Hi : On https://apps.topcoder.com/wiki/users/viewmydrafts.action, you can see your drafts, edit or delete them. Users can delete their own drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action?discardDraftId=. But there is no check and an attacker can change discardDraftId and delete...

AI score 2.4
Exploits: 0

CNVD
added 2020/04/15 12:0 a.m. | 3 views

Subex ROC Partner Settlement Insecure Direct Object Reference (IDOR) Vulnerability

Subex ROC Partner Settlement is a scalable partner management platform from Subex India. The platform supports features such as billing and revenue management. A security vulnerability exists in the Change Password feature in Subex ROC Partner Settlement version 10.5. The vulnerability can be...

CVSS 8.8 | AI score 7 | EPSS 0.01902
Exploits: 2 | References: 1

OSV
added 2020/04/14 8:15 p.m. | 2 views

CVE-2020-9384

An Insecure Direct Object Reference IDOR vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...

CVSS 8.8 | AI score 7.3 | EPSS 0.01902
Exploits: 2 | References: 2

OSV
added 2020/04/06 10:15 p.m. | 1 views

CVE-2020-11589

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

CVSS 7.5 | AI score 7.1 | EPSS 0.01132
Exploits: 1 | References: 1

NVD
added 2020/04/06 10:15 p.m. | 7 views

CVE-2020-11589

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

CVSS 7.5 | AI score 7.4 | EPSS 0.01132
Exploits: 1 | References: 1

Prion
added 2020/04/06 10:15 p.m. | 13 views

Design/Logic Flaw

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

CVSS 5 | AI score 7.3 | EPSS 0.01132
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2020/04/06 9:34 p.m. | 58 views

CVE-2020-11589

CIPPlanner CIPAce 9.1 Build 2019092801 is affected by an Insecure Direct Object Reference information-disclosure vulnerability (CVE-2020-11589). An unauthenticated attacker can issue a GET request to a URL and access data that should be restricted to authenticated users. CVSSv3.1 vector and base ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01132
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/04/06 9:34 p.m. | 10 views

CVE-2020-11589

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

AI score 7.4 | EPSS 0.01132
Exploits: 1 | References: 1

CNVD
added 2020/04/02 12:0 a.m. | 1 views

WordPress Auth0 Insecure Direct Object Reference Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Auth0 versions prior to 4.0.0. The vulnerability can be exploited...

CVSS 8.8 | AI score 7.6 | EPSS 0.02191
Exploits: 0 | References: 1

NVD
added 2020/04/01 1:15 p.m. | 19 views

CVE-2020-7948

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...

CVSS 8.8 | AI score 8.7 | EPSS 0.02191
Exploits: 0 | References: 4

OSV
added 2020/04/01 1:15 p.m. | 13 views

CVE-2020-7948

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...

CVSS 8.8 | AI score 9.4
Exploits: 0 | References: 4

CVE
added 2020/04/01 12:53 p.m. | 68 views

CVE-2020-7948

The CVE-2020-7948 entry describes an insecure direct object reference in the WordPress Login by Auth0 plugin prior to version 4.0.0. Affected component: the WordPress plugin, specifically the authentication/login handling. Root cause: insecure direct object reference (no details provided). Impact...

CVSS 8.8 | AI score 9.1 | EPSS 0.02191
Exploits: 0 | References: 4 | Affected Software: 1