Lucene search
K

113 matches found

OSV
OSV
added 2024/01/02 9:15 p.m.6 views

CVE-2023-45893

An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...

7.5CVSS5.8AI score0.00578EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/02 12:0 a.m.13 views

CVE-2023-45893

An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...

6.9AI score0.00578EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/02 12:0 a.m.18 views

CVE-2023-45893

An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...

7.7AI score0.00578EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.5 views

PT-2023-29751 · Floorsight · Floorsight Customer Portal Q3 2023

Name of the Vulnerable Software and Affected Versions: Floorsight Customer Portal Q3 2023 Description: An indirect Object Reference IDOR in the Order and Invoice pages allows an unauthenticated remote attacker to view sensitive customer information. Recommendations: As a temporary workaround,...

7.5CVSS6.4AI score0.00578EPSS
Exploits0References6
OSV
OSV
added 2023/11/24 2:15 a.m.5 views

CVE-2023-33706

SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...

6.5CVSS5.8AI score0.00582EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/11/23 12:0 a.m.7 views

PT-2023-7273 · Sysaid · Sysaid

Name of the Vulnerable Software and Affected Versions: SysAid versions prior to 23.2.15 Description: The issue allows for Indirect Object Reference IDOR attacks, enabling unauthorized access to protected information. This can be achieved by modifying the sid parameter to EmailHtmlSourceIframe.jsp...

6.5CVSS6.6AI score0.00582EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2023/10/26 3:15 p.m.3 views

CVE-2023-46449

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function...

8.8CVSS5.9AI score0.00756EPSS
Exploits2References3
OSV
OSV
added 2023/10/13 2:15 p.m.5 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.5CVSS5.8AI score0.00483EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/10/13 2:15 p.m.4 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.5CVSS6.6AI score0.00483EPSS
Exploits1References2
NVD
NVD
added 2023/10/13 2:15 p.m.17 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.5CVSS6.1AI score0.00483EPSS
Exploits1References1
Prion
Prion
added 2023/10/13 2:15 p.m.12 views

Information disclosure

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

4CVSS6.1AI score0.00483EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/13 12:0 a.m.15 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.2AI score0.00483EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/10/13 12:0 a.m.14 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.3AI score0.00483EPSS
Exploits1References1
OSV
OSV
added 2023/09/20 8:15 p.m.3 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

6.5CVSS5.8AI score0.00584EPSS
Exploits1References1
NVD
NVD
added 2023/09/20 8:15 p.m.19 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

6.5CVSS6.6AI score0.00584EPSS
Exploits1References1
Prion
Prion
added 2023/09/20 8:15 p.m.16 views

Design/Logic Flaw

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

4CVSS6.6AI score0.00584EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2023/09/20 12:0 a.m.45 views

CVE-2023-42334

The CVE-2023-42334 issue affects Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37, due to an Indirect Object Reference (IDOR) in the user parameter that enables privilege escalation by remote attackers. Root cause is IDOR exposure; impacts include elevated privileges (no info on exploitation specifi...

6.5CVSS6.6AI score0.00584EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2023/09/20 12:0 a.m.22 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

6.8AI score0.00584EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/09/20 12:0 a.m.11 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

7.2AI score0.00584EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.4 views

memos 授权问题漏洞

memos is an open source hosted memo center with knowledge management and social features. A vulnerability in authorization issues exists in versions prior to memos 0.9.1, which can be exploited by an attacker to view, update, and delete shortcuts of other users using IDOR...

9.1CVSS7.3AI score0.00568EPSS
Exploits1References3
Rows per page
Query Builder