CVE-2020-7948

The CVE-2020-7948 entry describes an insecure direct object reference in the WordPress Login by Auth0 plugin prior to version 4.0.0. Affected component: the WordPress plugin, specifically the authentication/login handling. Root cause: insecure direct object reference (no details provided). Impact...

Login by Auth0 < 4.0.0 - Multiple Vulnerabilities

CVE-2020-5391 - CSRF controls missing for domain field CVE-2020-5392 - Stored XSS in Settings page CVE-2020-6753 - Stored XSS in multiple pages CVE-2020-7947 - CSV injection vulnerabilities CVE-2020-7948 - Insecure direct object reference...

CVE-2020-7918

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration...

CVE-2020-7918

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration...

Design/Logic Flaw

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration...

CVE-2020-7918

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration...

CVE-2020-7918

CVE-2020-7918 affects Totemo totemomail 7.0.0. An insecure direct object reference in webmail allows an authenticated remote user to read and modify other users’ mail folder names via enumeration. The issue is linked across multiple sources (e.g., Red Hat advisory, CVE listings) with the core imp...

CVE-2019-18998

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly...

CVE-2019-18998

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly...

CVE-2019-18998 Asset Suite Direct Object Reference Access

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly...

CVE-2020-8503

Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...

CVE-2020-8503

Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...

Design/Logic Flaw

Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...

CVE-2020-8503

Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...

WordPress CarSpot premium theme <= 2.2.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by m0ze in WordPress CarSpot premium theme versions = 2.2.2. Solution Update the WordPress CarSpot premium theme to the latest available version at least 2.2.3...

WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference IDOR vulnerability found in WordPress Ultimate Member plugin versions = 2.1.2. Solution Update the WordPress Ultimate Member plugin to the latest available version at least 2.1.3...

WordPress Ultimate Member Plugin <= 2.1.2 Multiple Insecure Direct Object Reference Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...

Design/Logic Flaw

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...