PT-2023-5432 · Cacti · Cacti
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.6. Description: The issue is an Insecure Direct Object Reference (IDOR) in the graph_xport.php component, allowing unauthorized access to any graph via a modified local_graph_id parameter. This can enable a...
EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference Vulnerabilities
The EuroTel ETL3100 transmitter is vulnerable to insecure direct object references, which occur when the application provides direct access to objects based on user-supplied input. As a result, attackers can bypass authorization and access hidden resources on the system and...
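The Cacti entry above (any graph reachable by changing local_graph_id) and the EuroTel description (objects fetched straight from user-supplied input) are the same flaw: the server authenticates the caller but never checks that the caller is allowed to see the particular object named in the request. The following is an added example written for this page, not code from Cacti, EuroTel or any listing here. It models a graph-export endpoint with made-up graph ids and owners, shows the vulnerable handler next to one that performs object-level authorization, and includes the id-walking probe a tester uses to confirm the issue.

```python
# Added example (not code from Cacti, EuroTel or any advisory on this page).
# Minimal model of a graph-export endpoint: the vulnerable handler authorizes
# by object id alone; the hardened handler checks ownership of the object.
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Graph:
    graph_id: int
    owner: str
    title: str


# Constructed sample data; ids, owners and titles are invented for this example.
GRAPHS = {
    101: Graph(101, "alice", "alice-cpu"),
    102: Graph(102, "alice", "alice-mem"),
    201: Graph(201, "bob", "bob-disk"),
}


class NotFound(Exception):
    """Raised for ids the caller may not see (missing, or owned by someone else)."""


def export_graph_vulnerable(session_user: str, graph_id: int) -> Graph:
    """IDOR: the caller is authenticated (session_user is known) but the object
    is fetched purely from the user-supplied id. Any logged-in user who edits
    the id in the request reads any graph in the table."""
    if graph_id not in GRAPHS:
        raise NotFound(graph_id)
    return GRAPHS[graph_id]


def export_graph_hardened(session_user: str, graph_id: int) -> Graph:
    """Object-level authorization: the lookup is scoped to the session owner.
    Missing and foreign ids both raise NotFound, so the response does not act
    as an existence oracle for other users' objects."""
    graph = GRAPHS.get(graph_id)
    if graph is None or graph.owner != session_user:
        raise NotFound(graph_id)
    return graph


Handler = Callable[[str, int], Graph]


def can_access(handler: Handler, session_user: str, graph_id: int) -> bool:
    """True if the handler returns the graph to this session."""
    try:
        handler(session_user, graph_id)
        return True
    except NotFound:
        return False


def enumerate_accessible(handler: Handler, session_user: str,
                         ids: Iterable[int]) -> list[int]:
    """What a tester does to confirm an IDOR: hold one user's session fixed,
    walk the id space, and record every id that comes back."""
    return [gid for gid in ids if can_access(handler, session_user, gid)]


if __name__ == "__main__":
    probe = range(100, 300)
    print("vulnerable:", enumerate_accessible(export_graph_vulnerable, "alice", probe))
    print("hardened:  ", enumerate_accessible(export_graph_hardened, "alice", probe))
```

Run as a script, the vulnerable handler hands alice every graph in the table, including bob's 201, while the hardened handler returns only her own. The fix lives in the data access, not in hiding or randomizing the id: the query itself is constrained by the authenticated principal, so an attacker who guesses a valid id still gets the same response as for a non-existent one.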
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
Exploit Title: WordPress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR | Date: 03.08.2023 | Exploit Author: Miguel Santareno | Vendor Homepage: https://www.myeventon.com/ | Version: 4.4 | Tested on: Google and Firefox latest version | CVE: CVE-2023-3219. 1. Description: The plugin does no...
Web Stock 3.0 Insecure Direct Object Reference
Title: Web Stock v3.0 Unauthorised Administrative Access Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla firef...
Yourdoctor CMS 1.5 Insecure Direct Object Reference
Title: Yourdoctor CMS v1.5 Insecure Direct Object Reference Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla...
Yourdoctor CMS 1.4 Insecure Direct Object Reference
Title: Yourdoctor CMS v1.4 Unauthorised Administrative Access Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla...
CMSdosma 5.0 Insecure Direct Object Reference
Title: CMSdosma v5.0 Unauthorized Administrative Access Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla firefo...
CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
The Australian Signals Directorate's Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, to warn vendors, designers...
Insecure Direct Object Reference
GitLab is vulnerable to Insecure Direct Object Reference. The vulnerability allows an endpoint to reveal an issue title to the user if they craft an API call with the same issue ID...
CVE-2023-38257
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...
CVE-2023-38257
CVE-2023-38257 affects Iagona ScrutisWeb up to version 2.1.37. It is an insecure direct object reference that could allow an unauthenticated attacker to view profile information, including user login names and encrypted passwords. The advisory notes remote exploitation is possible with low attack...
PT-2023-6721 · Iagona · Iagona Scrutisweb
Name of the Vulnerable Software and Affected Versions: Iagona ScrutisWeb versions 2.1.37 and prior. Description: The issue is an insecure direct object reference vulnerability. This could allow an unauthenticated user to view profile information, including user login names and encrypted...
Bluelaat 1.0 Beta Insecure Direct Object Reference
Title: Bluelat V0.1 beta Insecure Direct Object Reference Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla...
PT-2023-6092 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 and earlier; 2.4.6-p2 and earlier; 2.4.5-p4 and earlier; 2.4.4-p5 and earlier. Description: The issue is related to an improper input...
BBAM 1.1 Insecure Direct Object Reference
Title: bbam CMS v1.1 Unauthorized Administrative Access Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla firefo...
Bigware-Shop CMS 2.1 Insecure Direct Object Reference
Title: Bigware-Shop CMS v2.1 IDOR Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla Firefox 66.0.2 64-bit | ...
BloodBank 1.0 Insecure Direct Object Reference
Title: BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration Unauthorized Administrative Access Vulnerability | Author: indoushka | Tested on...