3430 matches found
CVE-2020-35737
In Correspondence Management System corms in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...
Design/Logic Flaw
In Correspondence Management System corms in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...
CVE-2020-35737
In Correspondence Management System corms in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...
Newgen Egov Correspondence Management System Security Breach
Newgen Egov Correspondence Management System is a correspondence management software for office environments from Newgen USA. A security vulnerability exists in Newgen eGov 12.0 Correspondence Management System, which can be exploited by an attacker to modify another user's personal information...
h1-ctf: Hacky Holidays Writeup
On December 12th, 2020, the CTF became live and the scope that we are allowed to attack was In Scope Domain - hackyholidays.h1ctf.com Our main motive was to infiltrate his network and take him down. The challenges appeared one by one till 24th of December. Here we will be going through all the...
Stripe: GRAPHQL cross-tenant IDOR giving write access thought the operation UpdateAtlasApplicationPerson
@bubbounty discovered an Insecure Direct Object Reference IDOR vulnerability that allowed someone with prior Admin access to a Stripe account to add a co-founder to a Stripe Atlas application belonging to the merchant account they used to administer. The issue has been addressed by only allowing...
h1-ctf: Stopping Grinch to ruin XMas!
Hello, Gonna just submit flags first then will send my write up later tomorrow. flag1: flag48104912-28b0-494a-9995-a203d1e261e7 https://hackyholidays.h1ctf.com/robots.txt recon revealing hidden endpoint flag2: flagb7ebcb75-9100-4f91-8454-cfb9574459f7 https://hackyholidays.h1ctf.com/s3cr3t-ar3a...
Zyxel P1302-T10 Code Issue Vulnerability
The Zyxel P1302-T10 is a modem device from China-based Zyxel. A security vulnerability exists in Zyxel s P1302-T10 v3, which stems from an insecure direct object reference vulnerability that can be exploited by an attacker to gain privileges and access to certain administrative pages...
Design/Logic Flaw
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00ABBX.3 and earlier allows attackers to gain privileges and access certain admin pages...
CVE-2020-20183
CVE-2020-20183 affects Zyxel P1302-T10 v3 (firmware
Zyxel P1302-T10 代码问题漏洞
The Zyxel P1302-T10 is a modem device from China-based Zyxel. A security vulnerability exists in Zyxel s P1302-T10 v3, which stems from an insecure direct object reference vulnerability that can be exploited by an attacker to gain privileges and access to certain administrative pages...
FreeBSD : glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php (695b2310-3b3a-11eb-af2a-080027dbe4b7)
MITRE Corporation reports : In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc.. C Tenable Network Security, Inc. The descriptive text and package checks in this...
FreeBSD : glpi -- Insecure Direct Object Reference on ajax/comments.ph (190176ce-3b3a-11eb-af2a-080027dbe4b7)
MITRE Corporation reports : In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc.. C Tenable Network Security, Inc. The descriptive text and package checks ...
Employee Performance Evaluation System 1.0 Insecure Direct Object Reference
Exploit Title: Employee Performance Evaluation System 1.0 - Able to delete Admin user from Local account Unauthenticated Insecure Direct Object Reference IDOR Date: 09/12/2020 Exploit Author: Manish Solanki Vendor Homepage: https://www.sourcecodester.com Software Link:...
Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference
Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ueUS/products/display-software Affected version: =1.7.8 Summary: Sony'...
GLPI Insecure Direct Object Reference Vulnerability (CNVD-2020-67631)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
CVE-2020-27662
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...
CVE-2020-27663
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc...
CVE-2020-27663
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc...
Design/Logic Flaw
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc...