3468 matches found
CVE-2022-29287
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...
MTN Group: Unprotected Direct Object Reference
Hello MTN Security Team, During my hunting, I discovered that there's an Insecure Direct Object Reference on https://nin.mtnonline.com Vulnerable Path: https://nin.mtnonline.com/nin/success?message=1 Steps To Reproduce: You may not even require to submit any NIN before accessing this unprotected...
SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference Vulnerability
Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept ============ Normal us...
SAM SUNNY TRIPOWER 5.0 Insecure Direct Object Reference
Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept...
SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)
Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept...
CVE-2021-46416
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...
CVE-2021-46416
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...
CVE-2021-46416
CVE-2021-46416 concerns the SUNNY TRIPOWER 5.0 firmware (version 3.10.16.R). The vulnerability arises from insecure cookie handling that enables an insecure direct object reference, allowing an unauthorized user group to access restricted functionality. The issue is described in the CVE entry as ...
SMA Solar Technology SUNNY TRIPOWER 安全漏洞
The SMA Solar Technology SUNNY TRIPOWER is a solar inverter from SMA Solar Technology, Germany. A security vulnerability exists in SMA Solar Technology SUNNY TRIPOWER 5.0, which stems from an insecure direct object reference that could lead to unauthorized user group access due to insecure cookie...
CVE-2022-27108
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...
CVE-2022-27108
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...
Design/Logic Flaw
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...
CVE-2022-27108
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...
CVE-2022-23061
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin although this cannot happen according to the documentation via Insecure Direct Object Reference IDOR vulnerability...
CVE-2022-1176
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96...
livehelperchat 安全漏洞
livehelperchat is a live support available for free on the website through Live Helper Chat. A security vulnerability exists in livehelperchat versions prior to 3.96 that stems from a loose comparison leading to IDOR on multiple endpoints. an attacker can bypass multiple checks to access other...
CVE-2021-38362
In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...
CVE-2021-38362
In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...
Design/Logic Flaw
In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...
CVE-2021-38362
In RSA Archer 6.x through 6.9 SP3 6.9.3.0, an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference IDOR issue and retrieve sensitive data...