Lucene search
K

4538 matches found

NVD
NVD
added 2020/01/31 8:15 p.m.10 views

CVE-2020-8503

Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...

6.5CVSS6.3AI score0.00731EPSS
Exploits0References1
Prion
Prion
added 2020/01/31 8:15 p.m.14 views

Design/Logic Flaw

Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...

3.5CVSS6.3AI score0.00731EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/31 7:57 p.m.17 views

CVE-2020-8503

Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...

6.3AI score0.00731EPSS
Exploits0References1
Patchstack
Patchstack
added 2020/01/27 12:0 a.m.4 views

WordPress CarSpot premium theme <= 2.2.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by m0ze in WordPress CarSpot premium theme versions = 2.2.2. Solution Update the WordPress CarSpot premium theme to the latest available version at least 2.2.3...

3.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/01/22 12:0 a.m.19 views

WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference IDOR vulnerability found in WordPress Ultimate Member plugin versions = 2.1.2. Solution Update the WordPress Ultimate Member plugin to the latest available version at least 2.1.3...

5.3CVSS3.2AI score0.02168EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2020/01/20 12:0 a.m.42 views

WordPress Ultimate Member Plugin <= 2.1.2 Multiple Insecure Direct Object Reference Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

5.3CVSS5.4AI score0.02168EPSS
Exploits0References1
NVD
NVD
added 2020/01/13 6:15 p.m.25 views

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...

7.5CVSS7.6AI score0.0317EPSS
Exploits4References9
Prion
Prion
added 2020/01/13 5:15 p.m.15 views

Design/Logic Flaw

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...

5CVSS5.5AI score0.02168EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2020/01/13 5:5 p.m.23 views

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...

7.6AI score0.0317EPSS
Exploits4References9
CVE
CVE
added 2020/01/13 4:31 p.m.84 views

CVE-2020-6859

The CVE-2020-6859 entry corresponds to multiple Insecure Direct Object Reference (IDOR) vulnerabilities in the WordPress Ultimate Member plugin (affected until version 2.1.2) in includes/core/class-files.php. The underlying issue allows remote attackers to modify other users’ profiles and cover p...

5.3CVSS5.4AI score0.02168EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2020/01/13 4:31 p.m.24 views

CVE-2020-6859

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...

5.5AI score0.02168EPSS
Exploits0References5
Cisco
Cisco
added 2020/01/08 4:0 p.m.26 views

Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability

A vulnerability in the Operations, Administration, Maintenance and Provisioning OAMP OpsConsole Server for Cisco Unified Customer Voice Portal CVP could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The...

6.8CVSS1.2AI score0.00934EPSS
Exploits0References1
NVD
NVD
added 2020/01/03 5:15 p.m.17 views

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

4.3CVSS4.5AI score0.00587EPSS
Exploits0References2
OSV
OSV
added 2020/01/03 5:15 p.m.18 views

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

4.3CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2020/01/03 5:15 p.m.16 views

Design/Logic Flaw

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

4CVSS4.8AI score0.00587EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/01/03 5:15 p.m.27 views

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

4.3CVSS5.8AI score0.00587EPSS
Exploits0References2
CVE
CVE
added 2020/01/03 4:30 p.m.127 views

CVE-2019-19259

CVE-2019-19259 refers to a vulnerability in GitLab Enterprise Edition (EE) 11.3 and later through 12.5 that allows an Insecure Direct Object Reference (IDOR), leading to potential information disclosure. The issue affects the application’s handling of object references and is categorized with a C...

4.3CVSS4.7AI score0.00587EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/01/03 4:30 p.m.21 views

CVE-2019-19259

GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...

4.9AI score0.00587EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/12/31 12:6 p.m.11 views

Starbucks: Thailand - Insecure Direct Object Reference permits an unauthorized user to transfer funds from a victim using only the victims Starbucks card

nnez discovered that a hacker could transfer funds from one Starbucks card to another by inspecting the form with Google Chrome DevTools and then change the forms "CardNumber" value to a victim's valid Starbucks card number. If the value entered for the "FullAmount" form field did not exceed the...

0.8AI score
Exploits0
CNVD
CNVD
added 2019/12/19 12:0 a.m.3 views

GitLab Insecure Direct Object Reference Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An insecure direct object reference vulnerability exists in GitLab versions prior to 12.1.2, 12.0.4...

6.5CVSS6.9AI score0.00771EPSS
Exploits1References1
Rows per page
Query Builder