Design/Logic Flaw
YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates...
CVE-2018-1000210
YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates...
CVE-2018-1000210
YamlDotNet versions 4.3.2 and earlier contain an Insecure Direct Object Reference vulnerability in Deserializer.Deserialize(), which can blindly instantiate user-controlled types via currentType = Type.GetType(...). This can enable code execution in the running process when parsing specially craf...
Grundig Smart Inter@ctive 3.0 Insecure Direct Object Reference
Exploit Title: Grundig Smart Remote App CSRF Google Dork: Local Vulnerability Date: 06.07.2018 Exploit Author: Ahmethan GALTEKAdegN @inject0r16 Vendor Homepage: https://www.grundig.com/ Software Link: https://play.google.com/store/apps/details?id=arcelik.android.grundig.remote Version: Grundig...
TP-Link TL-WR841N V13 Insecure Direct Object Reference Vulnerability
Exploit for hardware platform in category web applications Vulnerability: Broken Authentication Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Overview An attacker that can send HTTP...
TP-Link TL-WR841N V13 Insecure Direct Object Reference
Vulnerability: Broken Authentication Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Risk: High Vendor Contacted: 05/20/2018 Vendor Fix: Issue was independently fixed in previous...
CVE-2018-1000503
MyBB Group MyBB contains an Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appears to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in...
Security Bulletin: Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362)
Summary IBM Cúram Social Program Management Universal Access is vulnerable to Insecure Direct Object Reference. An authenticated user may have the ability to withdraw another user's submitted applications from the system and possibly obtain privileges. Vulnerability Details CVEID: CVE-2018-1362...
WordPress BBE theme <= 1.52 - Direct Object Reference vulnerability
Direct Object Reference vulnerability found by Zhihua Yao in WordPress BBE theme versions <= 1.52. The vulnerability allows a direct launch of an HTML editor. Solution: Update the WordPress BBE theme to the latest available version (at least 1.53)...
Monstra CMS <= 3.0.4 Multiple Vulnerabilities
Monstra CMS is prone to multiple vulnerabilities.
CVE-2018-11346
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...
Design/Logic Flaw
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...
ASUSTOR AS6202T ADM Insecure Direct Object Reference Vulnerability
ADM ASUSTOR Data Manager is the operating system and user interface for ASUSTOR NAS. An insecure direct object reference vulnerability exists in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3. An attacker could use this vulnerability to reference the "downloadsyssettings" action to arbitrarily...
BBE Theme < 1.53 - Direct Object Reference
The bbe WordPress theme was affected by a Direct Object Reference security vulnerability...
New Relic: IDOR via internal_api "users" endpoint
While trying to figure out what the heck is going on with 347664, I stumbled upon another way to perform the "gift that keeps on giving" as @ahamlin put it. Steps to reproduce: 1. Add an unconfirmed user to your account 2. Navigate to https://alerts.newrelic.com/accounts/1523936/channels 3. Click ...
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference...
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
Exploit Title: Sophos Cyberoam UTM - Privilege Escalation Date: 31/08/2016 Exploit Author: Chintan Gurjar Frogy Vendor Homepage: http://www.sophos.com/ Software Link: https://www.cyberoam.com/downloads/datasheet/CR25iNG.html Version: Cyberoam CR25iNG - 10.6.3 MR-5 CVE : CVE-2016-7786 Category :...
How to use CSRF vulnerabilities on JSON endpoints - vulnerability warning - the black bar safety net
(CSRF + Flash + HTTP 307) = don't say you are "dead"! If you want to use a CSRF vulnerability on a JSON endpoint through a third-party, attacker-controlled server, I recommend a GitHub project called json-flash-csrf-poc. Background story: In a recent penetration...