3461 matches found
CVE-2024-32166
Webid v1.2.1 suffers from an Insecure Direct Object Reference IDOR - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended horizontal privilege escalation...
WordPress Plugin Wp Ultimate Review 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-6897
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2023-6897 EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2023-6897
CVE-2023-6897 affects the EAN, UPC, ISBN Generator: Product Barcode Inventory for WooCommerce plugin (EAN for WooCommerce) for WordPress. The Red Hat entry confirms an Insecure Direct Object Reference in all versions up to 4.9.2 via the shortcode alg_wc_ean_product_meta, caused by missing validat...
CVE-2023-6897 EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.193 Revisi...
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference
Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 0.01 Revision 0 Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a...
EAN for WooCommerce < 4.9.3 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode
Description The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
CVE-2023-50872
The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security...
CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...
CVE-2023-50872
The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security...
Accredible 安全漏洞
Accredible is a world-leading digital credentialing platform from Accredible, Inc. that provides digital badges and digital certificates. Accredible has a security vulnerability that stems from allowing an insecure direct object reference attack that can lead to information disclosure...
CVE-2023-50872
The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security...
PT-2024-13985 · Accredible · Accredible Credential.Net
Name of the Vulnerable Software and Affected Versions: Accredible Credential.net affected versions not specified Description: The API in Accredible Credential.net allows an Insecure Direct Object Reference attack, which discloses partial information about certificates and their respective holders...
CVE-2023-50872
CVE-2023-50872 affects Accredible Credential.net API. The vulnerability is an Insecure Direct Object Reference that discloses partial information about certificates and their holders. According to the CVSS details, it is a NETWORK-based issue with low attack complexity, no privileges required, an...
PT-2024-18177 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 0.3.0 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the project update endpoint, allowing authenticated users to modify the name of any project within the system without proper...
CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...
CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...