3430 matches found

OSV
added 2021/08/09 10:15 a.m. · 2 views

CVE-2021-37213

The check-in record page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access a particular employee’s check-in record...

CVSS 4.3 · AI score 5.8 · EPSS 0.00764
Exploits: 0 · References: 1

OSV
added 2021/08/09 10:15 a.m. · 1 view

CVE-2021-37212

The bulletin function of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific URL parameters to access and modify particular bulletin content...

CVSS 5.4 · AI score 6.1 · EPSS 0.00641
Exploits: 0 · References: 1

Prion
added 2021/08/09 10:15 a.m. · 9 views

Design/Logic Flaw

The bulletin function of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific URL parameters to access and modify particular bulletin content...

CVSS 5.5 · AI score 5.5 · EPSS 0.00641
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2021/08/09 10:15 a.m. · 13 views

Command injection

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrarily access an employee's data, modify it, and then obtain administrator...

CVSS 6.5 · AI score 8.8 · EPSS 0.01064
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2021/08/09 9:15 a.m. · 43 views

CVE-2021-37215

The CVE-2021-37215 entry describes an Insecure Direct Object Reference (IDOR) in Flygo’s employee management page. After authenticating as a general user, an attacker can manipulate and overwrite another employee’s data by supplying that employee’s ID in an API parameter. Documents confirm this v...

CVSS 4.3 · AI score 4.6 · EPSS 0.00677
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/08/09 9:15 a.m. · 13 views

CVE-2021-37215 Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-4

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, a remote attacker can manipulate the user data and then overwrite another employee’s user data by specifying that employee’s ID in the API parameter...

CVSS 4.3 · AI score 4.9 · EPSS 0.00677
Exploits: 0 · References: 1

Cvelist
added 2021/08/09 9:15 a.m. · 14 views

CVE-2021-37213 Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-2

The check-in record page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access a particular employee’s check-in record...

CVSS 4.3 · AI score 4.9 · EPSS 0.00764
Exploits: 0 · References: 1

OSV
added 2021/07/21 4:15 p.m. · 4 views

CVE-2021-32744

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to...

CVSS 7.5 · AI score 7 · EPSS 0.01053
Exploits: 0 · References: 1

Cvelist
added 2021/07/21 4:0 p.m. · 20 views

CVE-2021-32744 Unauthenticated attacker could gain access to currently open files

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to...

CVSS 9.8 · AI score 9.9 · EPSS 0.01053
Exploits: 0 · References: 1

CNVD
added 2021/07/05 12:0 a.m. · 18 views

Sourcecodester Phone Shop Sales Management System has an unspecified vulnerability

SourceCodester Phone Shop Sales Managements System is a PHP project by SourceCodester, Inc. to manage phone store sales transactions. A security vulnerability exists in Sourcecodester Phone Shop Sales Managements System, which stems from the fact that Sourcecodester Phone Shop Sales Managements...

CVSS 4.3 · AI score 1.4 · EPSS 0.00818
Exploits: 1 · References: 1

OSV
added 2021/07/01 2:15 p.m. · 1 view

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2021/07/01 2:15 p.m. · 16 views

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter...

CVSS 4.3 · EPSS 0.00818
Exploits: 1 · References: 1

Prion
added 2021/07/01 2:15 p.m. · 14 views

Design/Logic Flaw

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter...

CVSS 4 · AI score 4.6 · EPSS 0.00818
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/07/01 1:15 p.m. · 17 views

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter...

AI score 4.9 · EPSS 0.00818
Exploits: 1 · References: 1

CVE
added 2021/07/01 1:15 p.m. · 55 views

CVE-2021-35337

SourceCodester Phone Shop Sales Management System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). The root cause is improper access control that lets an attacker change the id parameter to view invoices of other users. Reported across multiple sources (NVD entry CVE-2021-35337; CNVD...

CVSS 4.3 · AI score 4.5 · EPSS 0.00818
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2021/06/10 3:15 p.m. · 2 views

CVE-2021-31927

An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2...

CVSS 4.3 · AI score 5.8 · EPSS 0.00506
Exploits: 0 · References: 2

CVE
added 2021/06/10 2:58 p.m. · 36 views

CVE-2021-31927

CVE-2021-31927 describes an Insecure Direct Object Reference (IDOR) in Annex Cloud Loyalty Experience Platform versions earlier than 2021.1.0.1, allowing any authenticated user to modify existing users across environments/clients. The issue is fixed in 2021.1.0.2. Affected component: Annex Cloud ...

CVSS 4.3 · AI score 4.5 · EPSS 0.00506
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2021/06/01 12:0 a.m. · 3 views

WordPress plugin access control error vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is an open-source WordPress application plugin. Listeo WordPress has a security vulnerability before...

CVSS 6.5 · AI score 5.8 · EPSS 0.00986
Exploits: 2 · References: 2

Positive Technologies
added 2021/06/01 12:0 a.m. · 1 view

PT-2021-15855 · WordPress · Listeo

Name of the Vulnerable Software and Affected Versions: Listeo WordPress theme versions prior to 1.6.11

Description: The issue allows any authenticated users to delete arbitrary pages/posts and bookings via an IDOR vector because it does not ensure that the post/page and booking to be deleted belo...

CVSS 6.5 · AI score 6.4 · EPSS 0.00986
Exploits: 2 · References: 7

ALT Linux
added 2021/04/14 12:0 a.m. · 23 views

Security fix for the ALT Linux 9 package glpi version 9.5.4-alt1

9.5.4-alt1 built April 14, 2021 Pavel Zilke in task 269862

March 31, 2021 Pavel Zilke
- New version 9.5.4
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-21326 : Horizontal Privilege Escalation
  + CVE-2021-21255 : entities switch IDOR
  + CVE-2021-21258 : XSS...

CVSS 5 · AI score 6 · EPSS 0.02252
Exploits: 5