CVE-2022-34150

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification...

Design/Logic Flaw

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification...

CVE-2022-33944 ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs...

CVE-2022-34150 ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification...

CVE-2022-34150

CVE-2022-34150 affects the MiCODUS MV720 GPS tracker Web server and is an authenticated insecure direct object reference vulnerability on endpoints/parameters for device IDs, enabling an attacker with basic access to manipulate device IDs without further verification (authorization bypass). Publi...

Code injection

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVE-2022-2193

HYPR Server contains an Insecure Direct Object Reference (IDOR) in the Device Manager page. Remote authenticated attackers can tamper parameters to add a FIDO2 authenticator to arbitrary accounts. Affected: HYPR Server versions prior to 6.14.1. Remediation: upgrade to 6.14.1 or later.

CVE-2022-2193

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

Design/Logic Flaw

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

CVE-2022-1881

CVE-2022-1881 affects Octopus Server, with an Insecure Direct Object Reference vulnerability that lets a user download Project Exports from a project they don’t have permission to access, limited to projects in the same Space. Practical impact is potential exposure of export data. Remediation gui...

Insecure Direct Object Reference

idno/known is vulnerable to Insecure Direct Object Reference. The vulnerable getContent and postContent functions in Homepage class in Homepage.php file allow remote authenticated attackers to gain access to certain settings of the admin panel due to the use of createGatekeeper inner function...

Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

GHSA-4V4P-87M3-5423 Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

Design/Logic Flaw

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

CVE-2022-30852

Known v1.3.1 contains an Insecure Direct Object Reference (IDOR) in the Known CMS. The vulnerability arises from getContent()/postContent() in the Homepage class (Homepage.php), where createGatekeeper() enables unauthorized access to admin settings, effectively exposing admin-panel configuration ...

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

CrackQL - GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL...