Lucene search
K

3468 matches found

Cvelist
Cvelist
added 2022/04/15 11:52 p.m.23 views

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

4.9CVSS5.5AI score0.00858EPSS
Exploits1References2
Hacker One
Hacker One
added 2022/04/11 12:18 a.m.18 views

MTN Group: Unprotected Direct Object Reference

Hello MTN Security Team, During my hunting, I discovered that there's an Insecure Direct Object Reference on https://nin.mtnonline.com Vulnerable Path: https://nin.mtnonline.com/nin/success?message=1 Steps To Reproduce: You may not even require to submit any NIN before accessing this unprotected...

6.9AI score
Exploits0
0day.today
0day.today
added 2022/04/11 12:0 a.m.241 views

SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference Vulnerability

Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept ============ Normal us...

8.1CVSS8.2AI score0.06693EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/11 12:0 a.m.349 views

SAM SUNNY TRIPOWER 5.0 Insecure Direct Object Reference

Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept...

8.2AI score0.06693EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/04/11 12:0 a.m.357 views

SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)

Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept...

8.1CVSS8.2AI score0.06693EPSS
Exploits4
NVD
NVD
added 2022/04/07 11:15 a.m.10 views

CVE-2021-46416

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...

8.1CVSS0.06693EPSS
Exploits4References3
OSV
OSV
added 2022/04/07 11:15 a.m.6 views

CVE-2021-46416

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...

8.1CVSS7.2AI score0.06693EPSS
Exploits4References3
CVE
CVE
added 2022/04/07 10:45 a.m.79 views

CVE-2021-46416

CVE-2021-46416 concerns the SUNNY TRIPOWER 5.0 firmware (version 3.10.16.R). The vulnerability arises from insecure cookie handling that enables an insecure direct object reference, allowing an unauthorized user group to access restricted functionality. The issue is described in the CVE entry as ...

8.1CVSS7.9AI score0.06693EPSS
Exploits4References3Affected Software1
CNNVD
CNNVD
added 2022/04/07 12:0 a.m.3 views

SMA Solar Technology SUNNY TRIPOWER 安全漏洞

The SMA Solar Technology SUNNY TRIPOWER is a solar inverter from SMA Solar Technology, Germany. A security vulnerability exists in SMA Solar Technology SUNNY TRIPOWER 5.0, which stems from an insecure direct object reference that could lead to unauthorized user group access due to insecure cookie...

8.1CVSS7.7AI score0.06693EPSS
Exploits4References7
ATTACKERKB
ATTACKERKB
added 2022/04/06 3:15 p.m.1 views

CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

4.3CVSS5.9AI score0.00579EPSS
Exploits1References2
OSV
OSV
added 2022/04/06 3:15 p.m.20 views

CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

4.3CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2022/04/06 3:15 p.m.15 views

Design/Logic Flaw

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

4CVSS4.6AI score0.00579EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/04/06 2:40 p.m.14 views

CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

4.9AI score0.00579EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/06 12:22 p.m.6 views

CVE-2022-23061

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin although this cannot happen according to the documentation via Insecure Direct Object Reference IDOR vulnerability...

6.5CVSS5.8AI score0.01082EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/31 10:15 a.m.4 views

CVE-2022-1176

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96...

7.5CVSS7.2AI score0.01231EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.2 views

livehelperchat 安全漏洞

livehelperchat is a live support available for free on the website through Live Helper Chat. A security vulnerability exists in livehelperchat versions prior to 3.96 that stems from a loose comparison leading to IDOR on multiple endpoints. an attacker can bypass multiple checks to access other...

7.5CVSS7.3AI score0.01231EPSS
Exploits1References3
OSV
OSV
added 2022/03/30 10:15 p.m.4 views

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

6.5CVSS6.6AI score0.00944EPSS
Exploits0References3
NVD
NVD
added 2022/03/30 10:15 p.m.16 views

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

6.5CVSS0.00944EPSS
Exploits0References3
Prion
Prion
added 2022/03/30 10:15 p.m.20 views

Design/Logic Flaw

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

4CVSS6.3AI score0.00944EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/03/30 9:43 p.m.25 views

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...

6.5AI score0.00944EPSS
Exploits0References3
Rows per page
Query Builder