Lucene search

3429 matches found

OpenVAS
added 2016/07/04 12:0 a.m., 13 views

Option CloudGate Insecure Direct Object References And XSS Vulnerabilities

Option CloudGate is prone to cross-site scripting and insecure direct object reference authorization bypass vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

6.7 AI score
Exploits: 0, References: 1

Hacker One
added 2016/04/15 9:35 p.m., 26 views

GitLab: Privilege escalation to access all private groups and repositories

Vulnerability details: There is an insecure direct object reference (IDOR) issue in the group sharing feature for a project. This allows an attacker to get access to the names of private repositories of a group, issues, milestones, and the group its team members. Proof of concept: First, let's set up...

6.5 AI score
Exploits: 0

Packet Storm
added 2016/04/14 12:0 a.m., 53 views

Brickcom Network Cameras XSS / CSRF / Insecure Direct Object Reference

Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Exploits: 0

exploitpack
added 2016/04/14 12:0 a.m., 33 views

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...

0.1 AI score
Exploits: 0

0day.today
added 2016/04/14 12:0 a.m., 49 views

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications. Advisory Information | Vendor: Brickcom Corporation | CVE-Number: N/A | Advisory-URL: http://www.orwelllabs.com/2016/04/Brickcom-Multiple-Vulnerabilities.html | OLSA-ID: OLSA-2015-12-12 | Impact: High especially because some ...

7.1 AI score
Exploits: 0

Exploit DB
added 2016/04/14 12:0 a.m., 61 views

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

7.4 AI score
Exploits: 0

Packet Storm
added 2016/04/05 12:0 a.m., 35 views

PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference

Security Advisory 2016-04-03 www.orwelllabs.com Twitter:@orwelllabs magicword: d0ubl3th1nk1ng... Overview | Technical Risk: high | Likelihood of Exploitation: medium | Vendor: PQI...

7.4 AI score
Exploits: 0

Hacker One
added 2016/03/30 9:51 a.m., 23 views

Bumble: Insecure Direct Object Reference on badoo.com

Hi, I want to report an IDOR (Insecure Direct Object Reference) vulnerability to you. IDOR details are here: https://www.owasp.org/index.php/Top102010-A4-InsecureDirectObjectReferences https://www.owasp.org/index.php/TestingforInsecureDirectObjectReferences%28OTG-AUTHZ-004%29 As the pages say: Insecur...

1.1 AI score
Exploits: 0

Hacker One
added 2016/03/15 8:10 p.m., 13 views

New Relic: Normal user can set "Job title" of other users by Direct Object Reference

A normal user who logs in to "New Relic" and navigates to the "Account Settings" page can only set his/her own Job title. All other users' Job title selections are not available. But using a proxy tool like Burp Suite, while changing his own job role, if he replaces his own ID with any other use...

0.1 AI score
Exploits: 0

Hacker One
added 2016/03/02 1:26 p.m., 26 views

Veris: Critical - Insecure Direct Object Reference - Deleting any member of any organization remotely

Hello Team, I have found an extremely critical issue with the help of which an attacker can delete any member of any organization. The vulnerability is Insecure Direct Object Reference (IDOR), which leads to privilege escalation as an attacker can perform such a critical attack from his own account...

0.7 AI score
Exploits: 0

Packet Storm
added 2016/03/01 12:0 a.m., 41 views

perfact::mpa Insecure Direct Object Reference

Advisory ID: SYSS-2015-069 | Product: perfact::mpa | Manufacturer: PerFact Innovation GmbH & Co. KG | Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 | Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 | Vulnerability Typ...

7.4 AI score
Exploits: 0

Packet Storm
added 2016/02/22 12:0 a.m., 29 views

Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference

Advisory ID: SYSS-2015-064 | Product: Thru Managed File Transfer Portal | Manufacturer: Thru | Affected Versions: 9.0.2 | Tested Versions: 9.0.2 | Vulnerability Type: Insecure Direct Object Reference (CWE-932) | Risk Level: Medium | Solution Status: Fixed...

Exploits: 0

Packet Storm
added 2016/02/22 12:0 a.m., 24 views

Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference

Advisory ID: SYSS-2015-059 | Product: Thru Managed File Transfer Portal | Manufacturer: Thru | Affected Versions: 9.0.2 | Tested Versions: 9.0.2 | Vulnerability Type: Insecure Direct Object Reference (CWE-932) | Risk Level: Medium | Solution Status: Fixed...

7.4 AI score
Exploits: 0

Packet Storm
added 2016/02/21 12:0 a.m., 27 views

Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference

Advisory ID: SYSS-2015-058 | Product: Thru Managed File Transfer Portal | Manufacturer: Thru | Affected Versions: 9.0.2 | Tested Versions: 9.0.2 | Vulnerability Type: Insecure Direct Object Reference (CWE-932) | Risk Level: Medium | Solution Status: Fixed...

7.4 AI score
Exploits: 0

Packet Storm
added 2016/02/19 12:0 a.m., 39 views

Chamilo LMS Insecure Direct Object Reference

Document Title: Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1720 | Video: https://www.youtube.com/watch?v=3ApPhUIk12Y | Release Date: 2016-02-15 | Vulnerability...

7.4 AI score
Exploits: 0

Vulnerability Lab
added 2016/02/15 12:0 a.m., 41 views

Chamilo LMS IDOR - (messageId) Delete Post Vulnerability

Document Title: Chamilo LMS IDOR - messageId Delete Post Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1720 | Video: https://www.youtube.com/watch?v=3ApPhUIk12Y | Release Date: 2016-02-15 | Vulnerability Laboratory...

7.1 AI score
Exploits: 0

OpenVAS
added 2016/01/08 12:0 a.m., 33 views

Atlassian Confluence XSS and Insecure Direct Object Reference Vulnerabilities

Atlassian Confluence is prone to cross-site scripting and insecure direct object reference vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

6.1 CVSS, 5.3 AI score, 0.61114 EPSS
Exploits: 5, References: 3

exploitpack
added 2016/01/05 12:0 a.m., 28 views

Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities

Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product...

4.3 CVSS, 0.5 AI score, 0.61114 EPSS
Exploits: 5

Exploit DB
added 2016/01/05 12:0 a.m., 35 views

Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities

Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product Description Confluence is team collaboration software, where yo...

6.1 CVSS, 5.3 AI score, 0.61114 EPSS
Exploits: 5

Packet Storm
added 2016/01/04 12:0 a.m., 45 views

Atlassian Confluence XSS / Insecure Direct Object Reference

Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product Description Confluence is team collaboration software, where yo...

4.3 CVSS, 5.3 AI score, 0.61114 EPSS
Exploits: 5