3460 matches found

Vulnrichment
added 2022/10/17 12:0 a.m. · 12 views

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

CVSS 3.5 · AI score 6.3 · EPSS 0.00578
Exploits: 1 · References: 3

Positive Technologies
added 2022/10/17 12:0 a.m. · 4 views

PT-2022-21762 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.5 through 15.1.5 GitLab EE versions 15.2 through 15.2.3 GitLab EE versions 15.3 through 15.3.1 Description: An issue has been discovered in GitLab EE's Zentao integration, which has an insecure direct object reference th...

CVSS 4.3 · AI score 4.1 · EPSS 0.00578
Exploits: 1 · References: 7

Cvelist
added 2022/10/17 12:0 a.m. · 27 views

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

CVSS 3.5 · AI score 4.5 · EPSS 0.00578
Exploits: 1 · References: 3

OSV
added 2022/10/17 12:0 a.m. · 17 views

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

CVSS 3.5 · AI score 4.2 · EPSS 0.00578
Exploits: 1 · References: 5

OSV
added 2022/10/14 4:15 p.m. · 2 views

CVE-2022-42067

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...

CVSS 4.3 · AI score 5.8 · EPSS 0.00389
Exploits: 1 · References: 2

Prion
added 2022/10/14 4:15 p.m. · 13 views

Design/Logic Flaw

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...

CVSS 4 · AI score 4.7 · EPSS 0.00389
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2022/10/14 12:0 a.m. · 12 views

CVE-2022-42067

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...

AI score 4.7 · EPSS 0.00389
Exploits: 1 · References: 2

CVE
added 2022/10/14 12:0 a.m. · 49 views

CVE-2022-42067

CVE-2022-42067 concerns an Insecure Direct Object Reference (IDOR) vulnerability in the Online Birth Certificate Management System version 1.0. The available documents identify the affected product and vulnerability class but do not provide deeper root-cause details, exploit vectors, or explicit ...

CVSS 4.3 · AI score 4.7 · EPSS 0.00389
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2022/10/13 5:15 a.m. · 3 views

CVE-2022-2828

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference IDOR vulnerability...

CVSS 6.5 · AI score 5.8 · EPSS 0.00528
Exploits: 0 · References: 1

Prion
added 2022/10/13 5:15 a.m. · 22 views

Design/Logic Flaw

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference IDOR vulnerability...

CVSS 4 · AI score 6.3 · EPSS 0.00528
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/10/13 12:0 a.m. · 6 views

PT-2022-18934 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue allows revealing information about teams via the API due to an Insecure Direct Object Reference IDOR vulnerability. Recommendations: At the moment, there is no information...

CVSS 6.5 · AI score 6.3 · EPSS 0.00528
Exploits: 0 · References: 4

Packet Storm
added 2022/09/27 12:0 a.m. · 293 views

Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

AI score 7.4
Exploits: 0

NVD
added 2022/09/15 12:15 p.m. · 11 views

CVE-2022-38789

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...

CVSS 9.1 · EPSS 0.00885
Exploits: 0 · References: 2

Prion
added 2022/09/15 12:15 p.m. · 19 views

Design/Logic Flaw

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...

CVSS 6.4 · AI score 9.1 · EPSS 0.00885
Exploits: 0 · References: 2 · Affected Software: 3

Cvelist
added 2022/09/15 11:56 a.m. · 18 views

CVE-2022-38789

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...

AI score 9.4 · EPSS 0.00885
Exploits: 0 · References: 2

CVE
added 2022/09/15 11:56 a.m. · 65 views

CVE-2022-38789

CVE-2022-38789 affects Airties Smart Wi‑Fi devices released before 2020-08-04. The issue stems from an Insecure Direct Object Reference that lets an attacker change the main/guest SSID and PSK to arbitrary values and map the LAN. Multiple sources (NVD/Red Hat entry, CN/PRION/PTSecurity summaries)...

CVSS 9.1 · AI score 9.1 · EPSS 0.00885
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/09/15 3:21 a.m. · 16 views

GHSA-QCQV-38JG-2R43 Pageflow vulnerable to insecure direct object reference in membership update endpoint

Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...

AI score 7
Exploits: 0 · References: 3

GitHub Security Blog
added 2022/09/15 3:21 a.m. · 19 views

Pageflow vulnerable to insecure direct object reference in membership update endpoint

Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...

AI score 2.6
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/09/15 12:0 a.m. · 5 views

PT-2022-24568 · Airties · Airties Smart Wi-Fi

Name of the Vulnerable Software and Affected Versions: Airties Smart Wi-Fi versions prior to 2020-08-04 Description: The issue allows attackers to change the main/guest SSID and the PSK to arbitrary values and map the LAN due to Insecure Direct Object Reference. Recommendations: For versions prio...

CVSS 9.1 · AI score 9.2 · EPSS 0.00885
Exploits: 0 · References: 4

CNNVD
added 2022/09/15 12:0 a.m. · 4 views

Airties Smart Wi-Fi Security Vulnerability

Airties Smart Wi-Fi is a series of Wi-Fi extenders from Airties Turkey. A security vulnerability exists in Airties Smart Wi-Fi versions prior to 2020-08-04, which stems from an insecure direct object reference...

CVSS 9.1 · AI score 8.2 · EPSS 0.00885
Exploits: 0 · References: 3