113 matches found
CVE-2023-45893
An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...
CVE-2023-45893
An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...
CVE-2023-45893
An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...
PT-2023-29751 · Floorsight · Floorsight Customer Portal Q3 2023
Name of the Vulnerable Software and Affected Versions: Floorsight Customer Portal Q3 2023 Description: An indirect Object Reference IDOR in the Order and Invoice pages allows an unauthenticated remote attacker to view sensitive customer information. Recommendations: As a temporary workaround,...
CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...
PT-2023-7273 · Sysaid · Sysaid
Name of the Vulnerable Software and Affected Versions: SysAid versions prior to 23.2.15 Description: The issue allows for Indirect Object Reference IDOR attacks, enabling unauthorized access to protected information. This can be achieved by modifying the sid parameter to EmailHtmlSourceIframe.jsp...
CVE-2023-46449
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function...
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
Information disclosure
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
Design/Logic Flaw
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
CVE-2023-42334
The CVE-2023-42334 issue affects Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37, due to an Indirect Object Reference (IDOR) in the user parameter that enables privilege escalation by remote attackers. Root cause is IDOR exposure; impacts include elevated privileges (no info on exploitation specifi...
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
memos 授权问题漏洞
memos is an open source hosted memo center with knowledge management and social features. A vulnerability in authorization issues exists in versions prior to memos 0.9.1, which can be exploited by an attacker to view, update, and delete shortcuts of other users using IDOR...