2764 matches found
CVE-2014-4629
EMC Documentum Content Server is affected by an Insecure Direct Object Reference (IDOR) vulnerability (CVE-2014-4629) in versions 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19. The issue allows remote authenticated attackers to read or delete arbitrary files via unspecified vectors. Remediation...
CVE-2014-4629
EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference...
EMC Documentum Content Server Insecure Direct Object Reference (ESA-2014-156)
The remote host is running a version of EMC Documentum Content Server that is affected by an insecure direct object reference vulnerability, which allows a remote, authenticated attacker to potentially read or delete arbitrary files without authorization. C Tenable Network Security, Inc...
ZTE ZXDSL 831CII - Insecure Direct Object Reference
No description provided by source. Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct object reference...
ZTE ZXDSL 831CII - Insecure Direct Object Reference Vulnerability
Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure dire...
ZTE ZXDSL 831CII - Insecure Direct Object Reference
ZTE ZXDSL 831CII - Insecure Direct Object Reference Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct obje...
ZTE ZXDSL 831CII - Insecure Direct Object Reference
Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for...
ZTE ZXDSL 831CII Insecure Direct Object Reference
The modem usually serves html files & protects them with HTTP Basic authentication. however, the cgi files, does not get this protection. so simply requesting any cgi file without no authentication would give a remote attacker full access to the modem and then can easily be used to root the modem...
Avolve Software ProjectDox Multiple Vulnerability Disclosure
--------------------------------------------------------------------- Product: ProjectDox Vendor: Avolve Software Vulnerable Version: 8.1 Tested Version: 8.1 Vendor Notification: May 30, 2014 Public Disclosure: September 3, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...
MyFitnessPal App Patches Privacy Vulnerability
The details of a patched vulnerability in a popular mobile fitness application have been disclosed three months after a fixed was released. The flaw could have allowed a user to fetch the personal profile of another registered app user. MyFitnessPal deployed a fix on June 26 for a privacy flaw in...
Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail
These vulnerabilities allow for a complete take over giving full administrative access as well as remote shells on the servers that they are installed on. Each of these suffer from Insecure Direct Object Reference Vulnerabilities. Due to the details of the attack and screen shots, they can be fou...
Fork CMS Local File Inclusion
============================================================================== Fork-CMS Local File Inclusion: Author: Rafay Baloch Introduction: Local file inclusion vulnerability occur when the include function is not sanitized properl, LFI is classified under OWASP Top10 under "A4 Insecure Dire...
CVE-2012-1565
Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference...
Design/Logic Flaw
Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference...
CVE-2012-1565
Technical details and affected versions are not publicly available in the provided documents. Monitor for updates from official advisories.
Tuenti.com Insecure Direct Object Reference
============================================= INTERNET SECURITY AUDITORS ALERT 2010-008 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4/10 CVSSv2 Base Scored ============================================= I...
Directory traversal
Directory traversal vulnerability in sla/index.php in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. dot dot in the l parameter, related to an "Insecur...
MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability
Security Advisory: MVSA-10-008 / CVE-2010-0154 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: Insecure Direct Object Reference Risk: Medium Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-008...
Proventia Network Mail Security System Insecure Direct Object Reference
Security Advisory: MVSA-10-008 / CVE-2010-0154 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: Insecure Direct Object Reference Risk: Medium Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-008...
Article Friendly Local File Inclusion
======================================================================= Article friendly Insecure direct object Referece Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected] company...