3430 matches found
CVE-2021-40352
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
Design/Logic Flaw
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
CVE-2021-40352
OpenEMR 6.0.0 is affected by CVE-2021-40352 due to an insecure direct object reference in pnotes_print.php?noteid= that allows reading other users’ messages (IDOR). Exploitation PoCs exist (e.g., PoC notes/public exploits show changing noteid to access others’ messages, including admin messages)....
CVE-2021-40352
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
OpenEMR 6.0.0 Insecure Direct Object Reference
Exploit Title: Openemr 6.0.0 - Insecure direct object references Date: 31/8/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://community.open-emr.org Version: 6.0.0 Tested on: Linux CVE: 2021-40352 PoC: An attacker who has Physician Access can read messages with were sent to other...
GHSA-54GP-QFF8-946C Insecure direct object reference of log files of the Import/Export feature
Impact Insecure direct object reference of log files of the Import/Export feature Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6...
Insecure direct object reference of log files of the Import/Export feature
Impact Insecure direct object reference of log files of the Import/Export feature Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6...
Tecknodreams SapphireIMS Insecure Direct Object Reference Vulnerability
Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. A security vulnerability exists in Tecknodreams SapphireIMS 40971. The vulnerability stems from an insecure direct object reference in the local user creation function. An attack...
CVE-2021-37709
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
Design/Logic Flaw
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
CVE-2021-37709 Insecure direct object reference of log files of the Import/Export feature
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
Shopware 日志信息泄露漏洞
Shopware is an open source e-commerce software.The import/export functionality in versions of Shopware prior to 6.4.3.1 is vulnerable to insecure direct object referencing of log files. No detailed vulnerability details are currently available...
CVE-2017-16630
In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...
CVE-2017-16630
In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...
CVE-2017-16631
In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference IDOR in the "Account Password Reset" functionality...
Default credentials
In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference IDOR in the "Account Password Reset" functionality...
CVE-2017-16631
In SapphireIMS 4097_1, an Insecure Direct Object Reference (IDOR) in the Account Password Reset feature allows a guest user to change an administrative user’s password. Root cause: IDOR exposure enabling unauthorized password reset. Impact: unauthorized admin credential modification. Exploitation...
CVE-2017-16630
In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...
CVE-2017-16630
SapphireIMS 4097_1 is affected by CVE-2017-16630 due to an insecure direct object reference (IDOR) in the local user creation function. A guest user can create a local administrator account on any system with SapphireIMS installed, enabling privilege elevation. The issue is caused by insufficient...
WordPress LifterLMS 4.21.1 Insecure Direct Object Reference
Exploit Title: WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR Date: 2021-05-17 Exploit Author: captainhook Vendor Homepage: https://lifterlms.com Software Link: https://lifterlms.com Version: 4.21.1 Tested on: any Description The plugin was affected by an IDOR...