
4420 matches found

CVE
added 2017/12/11 6:00 a.m., 48 views

CVE-2017-11463

Ivanti Service Desk (LANDESK Management Suite) 2016.3–2017.3 has an Unrestricted Direct Object Reference allowing normal users to reference/update objects belonging to others by sending a URI with a target username, enabling retrieval of keys/tokens to access user profiles, tickets, incidents, et...

CVSS 8.8 | AI score 8.5 | EPSS 0.02427
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2017/12/11 6:00 a.m., 23 views

CVE-2017-11463

In Ivanti Service Desk formerly LANDESK Management Suite versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in...

AI score 8.6 | EPSS 0.02427
Exploits 0 | References 2
Hacker One
added 2017/11/29 10:39 p.m., 34 views

Open-Xchange: [IDOR] Deleting other people's tasks

Description: When creating tasks, each task is assigned an id value. Using this id it's possible to delete any task created in the same instance even if you don't actually have access to viewing or editing the task. Steps to Reproduce 1 Login to https://sandbox.open-xchange.com/ with user1 2...

AI score 6.9
Exploits 0
Hacker One
added 2017/10/27 2:42 a.m., 41 views

RecargaPay: IDOR exposes receipts of all users.

@cablej found an insecure direct object reference (IDOR) that could expose receipts from external users. Thanks for helping us make RecargaPay more secure!...

AI score 6.9
Exploits 0
Packet Storm
added 2017/10/20 12:00 a.m., 52 views

ZKTime Web Software 2.0 Insecure Direct Object Reference

Exploit Title: ZKTime Web Software 2.0 - Broken Authentication CVE-ID: CVE-2017-14680 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category: WebApps Author: Arvind V. Author Social: @FindArvind...

CVSS 5 | AI score 7.5 | EPSS 0.04327
Exploits 5
NVD
added 2017/10/19 9:29 p.m., 18 views

CVE-2015-6668

The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference...

CVSS 7.5 | AI score 7.5 | EPSS 0.10031
Exploits 1 | References 2
CVE
added 2017/10/19 9:00 p.m., 76 views

CVE-2015-6668

The WordPress Job Manager plugin vulnerable versions before 0.7.25 allow remote attackers to read arbitrary CV files via an insecure direct object reference by brute-forcing the WordPress upload directory. Impact: CV file disclosure; attack vector: network, no authentication required. Remediation...

CVSS 7.5 | AI score 7.5 | EPSS 0.10031
Exploits 1 | References 2 | Affected Software 1
Hacker One
added 2017/09/01 5:49 p.m., 42 views

Concrete CMS: 'cnvID' parameter vulnerable to Insecure Direct Object References

Installation Information === IIS 8, PHP 5.5, Concrete5 5.7.5.7 Default install Issue POC An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/viewajax with incremental 'cnvID' integers. 1. An example blog with permission...

AI score 7.2
Exploits 0
Packet Storm
added 2017/08/24 12:00 a.m., 47 views

Trend Micro Hosted Email Security (HES) Interception / Insecure Direct Object Reference

Date: 24-Aug-2017 Product: Trend Micro Hosted Email Security HES Versions affected: Hosted Email Security before January 2012. Vulnerability: Two vulnerabilities were discovered. The first allowed any HES user to intercept in-transit emails through the Trend Micro Hosted Email Security cloud...

AI score 7.4
Exploits 0
Exploit DB
added 2017/08/22 12:00 a.m., 73 views

Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution

#!/usr/bin/env python -*- coding: utf8 -*- Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior ALC WebCTRL, SiteScan Web 6.1 and...

CVSS 7.8 | AI score 7.6 | EPSS 0.02368
Exploits 6
exploitpack
added 2017/07/20 12:00 a.m., 16 views

Tilde CMS 1.01 - Multiple Vulnerabilities

Tilde CMS 1.01 - Multiple Vulnerabilities Exploit Title: Tilde CMS 1.01 Multiple Vulnerabilities Date: July 7th, 2017 Exploit Authors: Paolo Forte, Raffaele Forte Vendor Homepage: http://www.tildenetwork.com/ Version: Tilde CMS 1.0.1 Tested on: Ubuntu 12.04, PHP 5.3.10 I. INTRODUCTION...

AI score 0.3
Exploits 0
Exploit DB
added 2017/07/20 12:00 a.m., 18 views

Tilde CMS 1.01 - Multiple Vulnerabilities

Exploit Title: Tilde CMS 1.01 Multiple Vulnerabilities Date: July 7th, 2017 Exploit Authors: Paolo Forte, Raffaele Forte Vendor Homepage: http://www.tildenetwork.com/ Version: Tilde CMS 1.0.1 Tested on: Ubuntu 12.04, PHP 5.3.10 I. INTRODUCTION...

AI score 7.4
Exploits 0
0day.today
added 2017/07/16 12:00 a.m., 62 views

Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal Vulnerabilities

Cisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue. Copyright and Disclaimer The information in this advisory is Copyright 2017 Conviso and provided so that...

AI score 8.1
Exploits 0
Packet Storm
added 2017/07/14 12:00 a.m., 206 views

Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal

Copyright and Disclaimer The information in this advisory is Copyright 2017 Conviso and provided so that society can understand the risk it may be facing by running affected software, hardware or other components used on its systems. In case you wish to copy information from this advisory...

AI score 0.3
Exploits 0
ThreatPost
added 2017/05/22 3:25 p.m., 23 views

Verizon Patches XSS Issues in its Messaging Client

Verizon late last year patched a vulnerability in its Message+ messaging client that could have allowed an attacker to take over a session and possibly extend their reach into a user’s account management settings. Researcher Randy Westergren yesterday disclosed some details on the bug, which coul...

Exploits 0 | References 4
Hacker One
added 2017/05/19 11:19 p.m., 17 views

U.S. Dept Of Defense: Insecure Direct Object Reference on in-scope .mil website

Summary: A web form in a .mil website doesn't implement restrictions against multiple failed attempts to place an ID in order to obtain users' information or cancel an ongoing process. Description: Websites https://█████████/appointment/lookup.aspx?a=f and...

AI score 6.4
Exploits 0
Hacker One
added 2017/05/14 9:23 p.m., 16 views

U.S. Dept Of Defense: IDOR on DoD Website exposes FTP users and passes linked to all accounts!

Description: https://████/██████/ is vulnerable to Insecure Direct Object Reference. The application does not validate who a Push Server belongs to, thus allowing an attacker to view the credentials of any FTP / sFTP server linked to any user's account. Impact An attacker can view...

AI score 0.8
Exploits 0
Packet Storm
added 2017/04/14 12:00 a.m., 54 views

Agorum Core Pro 7.8.1.4-251 Insecure Direct Object Reference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-006 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Versions: 7.8.1.4-251 Tested Versions: 7.8.1.4-251 Vulnerability Type: Insecure Direct Object Reference CWE-932 Risk Level: High Solution Status: Open...

AI score 7.4
Exploits 0
OSV
added 2017/04/07 9:59 p.m., 3 views

CVE-2016-7786

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5...

CVSS 8.8 | AI score 5.8 | EPSS 0.06984
Exploits 3 | References 2
Hacker One
added 2017/04/01 3:44 p.m., 27 views

ok.ru: Free VIP gifts without subscribing to the VIP service

Attacker could send VIP gifts for free due to insecure direct object reference. Insufficient permission checking when giving a gift allowed VIP gifts to be sent for free...

AI score 1.3
Exploits 0