697 matches found
Design/Logic Flaw
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
Deserialization of untrusted data
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...
CVE-2018-19578
GitLab EE 11.5 before 11.5.1 is vulnerable to an insecure object reference that allows a user with Reporter privileges to view the Jaeger Tracing Operations page. Root cause: improper access control on the Jaeger operations page. Impact: exposure of tracing page content to users with limited perm...
CVE-2018-19578
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
CVE-2018-19582
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...
U.S. Dept Of Defense: Access to all █████████ files, including CAC authentication bypass
Summary: Due to an Insecure Direct Object Reference IDOR in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As described on ██████████ website, this includes documents with classifications up to FOUO, including PII / PHI...
Security Bulletin: IBM OpenPages GRC Platform has addressed insecure object reference (CVE-2017-1148)
Summary: IBM OpenPages GRC Platform with OpenPages Loss Event Entry (LEE) application addressed potential security exposure due to insecure object reference. Vulnerability Details: CVEID: CVE-2017-1148 DESCRIPTION: IBM OpenPages GRC Platform with OpenPages Loss Event Entry (LEE) application could allow...
SecurEnvoy SecurMail Insecure Direct Object Reference Vulnerability
SecurEnvoy SecurMail allows you to send email securely. An insecure direct object reference vulnerability exists in SecurEnvoy SecurMail before 9.2.501. A remote authenticated user can exploit this vulnerability to read arbitrary email messages via the option1 parameter in the reply action of...
TestLink Insecure Direct Object Reference Vulnerability
TestLink is a PHP-based open source test management tool developed by the TestLink team. The tool provides test requirements management, test case management, test data statistics and other functions. TestLink 1.9.16 and previous versions contain a security vulnerability. A remote attacker can send a...
GitLab -- multiple vulnerabilities
GitLab reports: SnippetFinder information disclosure The GitLab SnippetFinder component contained an information disclosure which allowed access to snippets restricted to Only team members or configured as disabled. The issue is now resolved in the latest version. LDAP API authorization issue An...
ProjectSend r582 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: ProjectSend multiple vulnerabilities Product: ProjectSend previously cFTP Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference Risk...
ProjectSend r582 - Multiple Vulnerabilities
ProjectSend r582 - Multiple Vulnerabilities Advisory ID: SGMA-16001 Title: ProjectSend multiple vulnerabilities Product: ProjectSend previously cFTP Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object...
ProjectSend r582 - Multiple Vulnerabilities
Advisory ID: SGMA-16001 Title: ProjectSend multiple vulnerabilities Product: ProjectSend previously cFTP Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference Risk level: 4 / 5 Credit:...
Multiple Vulnerabilities found in ZHONE
Vantage Point Security Advisory 2015-002 Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models Versions affected: S3.0.501...
ZHONE ZNID GPON < 3.1.241 Multiple Vulnerabilities
ZHONE ZNID GPON is vulnerable to multiple vulnerabilities.
phpList 3.0.10 Insecure Direct Object Reference
Affected software: phplist Type of vulnerability: insecure object reference URL: phplist.com Discovered by: Provensec Website: http://www.provensec.com version: phpList ltd. - v3.0.10 Proof of concept insecure object referenced on page deletion vuln param:delete example:...