CVE-2021-22023

The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...

CVE-2021-37215

The employee management page of Flygo contains an Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee’s user data by specifying that employee’s ID in the API parameter...

CVE-2021-24500

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...

Larvata Flygo 安全漏洞

Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker, after authenticating as an ordinary user, to arbitrarily access employee data by manipulating the employee ID i...

Larvata Flygo 安全漏洞

Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker authenticated as a regular user to manipulate user data by specifying the employee's ID in an API parameter and...

WordPress 插件访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in versions o...

Endalia Selection Portal Arbitrary File Upload Vulnerability

Endalia Selection Portal is an application from Endalia Spain. It provides a software for attracting and selecting talent. An arbitrary file upload vulnerability exists in Endalia Selection Portal in versions prior to 4.205.0. The vulnerability stems from an insecure object reference that allows...

Endalia Selection Porta 安全漏洞

Endalia Selection Portal is an application from Endalia Spain. It provides a software for attracting and selecting talent. An arbitrary file upload vulnerability exists in Endalia Selection Portal in versions prior to 4.205.0. The vulnerability stems from an insecure object reference that allows...

PT-2021-2949 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to an insecure direct object reference IDOR in the product module, which could lead to unauthorized...

CVE-2020-16194

An Insecure Direct Object Reference IDOR vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the deliveryaddress and invoiceaddress fields...

CVE-2020-29446

Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5...

IBM Cloud Pak System Information Disclosure Vulnerability

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. An information disclosure vulnerability exists in IBM Cloud Pak System 2.3. The vulnerability originates from an insecure direct object reference in the Sales and Service Consol...

Information disclosure

IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392...

CVE-2020-4918

IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392...

GLPI Insecure Direct Object Reference Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference IDOR vulnerability allows user account data to be downloaded in JavaScript object notation JSON format by users who should not have access to such functionality. An attacker can download sensitive data related to...

PT-2020-20625 · Subex · Subex Roc Partner Settlement

Name of the Vulnerable Software and Affected Versions: Subex ROC Partner Settlement version 10.5 Description: An Insecure Direct Object Reference IDOR vulnerability in the Change Password feature allows remote authenticated users to achieve account takeover via manipulation of POST parameters. Th...

GitLab EE Insecure Direct Object Reference Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is GitLab Enterprise Edition. GitLab EE 11.3 - 12.5 suffers from an insecure direct object...

CVE-2019-14725

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account...

CVE-2019-14724

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account...