37 matches found
PT-2024-11006 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to the 'develop' branch Dolibarr versions prior to 15.0.0 Dolibarr versions prior to 63cd063 Description: An Improper Authorization issue exists, allowing a user with restricted permissions in the 'Reception' section t...
PT-2024-33667 · Zitadel +1 · Zitadel +1
Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.64.0 Zitadel versions prior to 2.63.5 Zitadel versions prior to 2.62.7 Zitadel versions prior to 2.61.4 Zitadel versions prior to 2.60.4 Zitadel versions prior to 2.59.5 Zitadel versions prior to 2.58.7 Description...
CVE-2024-42775
An Incorrect Access Control vulnerability was found in /admin/addroomcontroller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access...
CVE-2024-42775
An Incorrect Access Control vulnerability was found in /admin/addroomcontroller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access...
Kashipara Hotel Management System 安全漏洞
Kashipara Hotel Management System is a hotel management system from Kashipara. An Access Control Error vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an unauthenticated attacker to add valid hotel room entries in the administrator section via direct URL...
Authorization Bypass
silverstripe/reports is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in the implementation of access control mechanisms within the ReportAdmin.php. It allows direct URL access to reports by any user who has access to the reports admin section, irrespective of whether the...
CVE-2024-29885
silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the canView method for that report returns false. This issue has been...
PT-2024-40086 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns the reports CMS section, where it only checks the canView function when listing reports that can be viewed by the current user. However, it does not perform this chec...
CVE-2024-28345
An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL...
CVE-2021-24780
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able...
ARCHIBUS Web Central 安全漏洞
ARCHIBUS Web Central is a web-based web management center for ARCHIBUS that organizes facility and infrastructure management tasks in an intuitive web browser interface. All infrastructure data is stored in a centralized repository so that authorized users from anywhere in the world can enter, ed...
Stellar.org: Direct URL access to PDF files
hi, I was able to access the following PDF files without any authentication https://www.stellar.org/wp-content/uploads/2014/07/Bylaws-00580045-10.pdf https://www.stellar.org/wp-content/uploads/2014/07/FILED-STELLAR-DEVELOPMENT-FOUNDATION-00594674.pdf the pdf files under path...
Vicon Network Camera Authentication Bypass
TITLE Vicon Network Cameras - Authentication Bypass AUTHOR Reginald Dodd / Information Security Engineer https://www.linkedin.com/in/reginalddodd VENDOR Vicon Industries Inc. http://www.vicon-security.com http://www.vicon-security.com/products/network-cameras/ DESCRIPTION Remote unauthenticated...
Nextcloud: The application uses basic authentication.
Basic authentication is enabled on file access requests ==================== Description --------------------- Basic authentication is enabled on the server if we request for the direct URL of a file. The issues of using Basic Authentication can be read here - OWASP: Basic Authentication. Though...
Coinbase: Direct URL access to completed reports
Access to non-HTML contents such as CSV report is not restricted to authenticated users. Anyone would be able to access a CSV report by giving the direct URL and downloading it. The URL could be obtained from browser history. The following URL is an example...
Fiyo CMS Direct URL Access Vulnerability
Fiyo CMS is small business phone service and mobile collaboration tool. A direct URL access vulnerability exists in Fiyo CMS. An attacker could exploit the vulnerability to perform unauthorized actions...
CVE-2006-2534
Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the 1 include and 2 themes/original directories...