4538 matches found
CVE-2020-8503
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...
Design/Logic Flaw
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...
CVE-2020-8503
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...
WordPress CarSpot premium theme <= 2.2.2 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by m0ze in WordPress CarSpot premium theme versions = 2.2.2. Solution Update the WordPress CarSpot premium theme to the latest available version at least 2.2.3...
WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference IDOR vulnerability found in WordPress Ultimate Member plugin versions = 2.1.2. Solution Update the WordPress Ultimate Member plugin to the latest available version at least 2.1.3...
WordPress Ultimate Member Plugin <= 2.1.2 Multiple Insecure Direct Object Reference Vulnerabilities
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
CVE-2019-20209
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...
Design/Logic Flaw
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...
CVE-2019-20209
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...
CVE-2020-6859
The CVE-2020-6859 entry corresponds to multiple Insecure Direct Object Reference (IDOR) vulnerabilities in the WordPress Ultimate Member plugin (affected until version 2.1.2) in includes/core/class-files.php. The underlying issue allows remote attackers to modify other users’ profiles and cover p...
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...
Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability
A vulnerability in the Operations, Administration, Maintenance and Provisioning OAMP OpsConsole Server for Cisco Unified Customer Voice Portal CVP could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
Design/Logic Flaw
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19259
CVE-2019-19259 refers to a vulnerability in GitLab Enterprise Edition (EE) 11.3 and later through 12.5 that allows an Insecure Direct Object Reference (IDOR), leading to potential information disclosure. The issue affects the application’s handling of object references and is categorized with a C...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
Starbucks: Thailand - Insecure Direct Object Reference permits an unauthorized user to transfer funds from a victim using only the victims Starbucks card
nnez discovered that a hacker could transfer funds from one Starbucks card to another by inspecting the form with Google Chrome DevTools and then change the forms "CardNumber" value to a victim's valid Starbucks card number. If the value entered for the "FullAmount" form field did not exceed the...
GitLab Insecure Direct Object Reference Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An insecure direct object reference vulnerability exists in GitLab versions prior to 12.1.2, 12.0.4...