Lucene search
K

2871 matches found

Hacker One
Hacker One
added 2015/03/29 5:15 p.m.21 views

X (Formerly Twitter): Insecure Direct Object Reference - access to other user/group DM's

Hello, I found a way to access group DM's which i don't have access to, Conditions to be met: - Should have been in that DM group atleast once. Exploitation ways: =============== - let's say they're three twitter profiles, Naruto , Goku and Eren. - Naruto creates a DM group in between himself ,...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2015/03/23 12:0 a.m.176 views

CVE-2014-8487: Kony EMM insecurity Direct Object Reference

------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Drupal Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...

4CVSS0.9AI score0.01003EPSS
Exploits2
Packet Storm
Packet Storm
added 2015/02/23 12:0 a.m.65 views

Kony EMM 1.2 Insecure Direct Object Reference

------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Drupal Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...

4CVSS6.7AI score0.01003EPSS
Exploits2
Hacker One
Hacker One
added 2015/01/31 5:31 p.m.124 views

Vimeo: CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to `Videos` of Channel whose privacy is set to `Private`.

Hello, This time I found a IDORInsecure Direct Object Reference vulnerability. It allows an attacker to get unauthorized access to Videos of Channel whose privacy is set to Only moderators and people I choose without being a member. In simple words, we can access videos of private channel without...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2014/12/08 12:0 a.m.43 views

ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability EMC Identifier: ESA-2014-156 CVE Identifier: CVE-2014-4629 Severity Rating: CVSS v2 Base Score: 8.2 AV:N/AC:M/Au:S/C:C/I:P/A:C Affected products: • All EMC...

9CVSS0.7AI score0.03271EPSS
Exploits0
NVD
NVD
added 2014/12/06 3:59 p.m.20 views

CVE-2014-4629

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference...

9CVSS6.2AI score0.03271EPSS
Exploits0References5
Prion
Prion
added 2014/12/06 3:59 p.m.18 views

Design/Logic Flaw

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference...

9CVSS6.8AI score0.03271EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2014/12/06 3:0 p.m.27 views

CVE-2014-4629

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference...

6.2AI score0.03271EPSS
Exploits0References5
CVE
CVE
added 2014/12/06 3:0 p.m.45 views

CVE-2014-4629

EMC Documentum Content Server is affected by an Insecure Direct Object Reference (IDOR) vulnerability (CVE-2014-4629) in versions 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19. The issue allows remote authenticated attackers to read or delete arbitrary files via unspecified vectors. Remediation...

9CVSS6.3AI score0.03271EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/12/04 12:0 a.m.26 views

EMC Documentum Content Server Insecure Direct Object Reference (ESA-2014-156)

The remote host is running a version of EMC Documentum Content Server that is affected by an insecure direct object reference vulnerability, which allows a remote, authenticated attacker to potentially read or delete arbitrary files without authorization. C Tenable Network Security, Inc...

9CVSS5.7AI score0.03271EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.14 views

ZTE ZXDSL 831CII - Insecure Direct Object Reference

No description provided by source. Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct object reference...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/11/10 12:0 a.m.37 views

ZTE ZXDSL 831CII - Insecure Direct Object Reference Vulnerability

Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure dire...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2014/11/10 12:0 a.m.17 views

ZTE ZXDSL 831CII - Insecure Direct Object Reference

ZTE ZXDSL 831CII - Insecure Direct Object Reference Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct obje...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/11/10 12:0 a.m.73 views

ZTE ZXDSL 831CII - Insecure Direct Object Reference

Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/07 12:0 a.m.54 views

ZTE ZXDSL 831CII Insecure Direct Object Reference

The modem usually serves html files & protects them with HTTP Basic authentication. however, the cgi files, does not get this protection. so simply requesting any cgi file without no authentication would give a remote attacker full access to the modem and then can easily be used to root the modem...

5CVSS6.7AI score0.0221EPSS
Exploits2
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.75 views

Avolve Software ProjectDox Multiple Vulnerability Disclosure

--------------------------------------------------------------------- Product: ProjectDox Vendor: Avolve Software Vulnerable Version: 8.1 Tested Version: 8.1 Vendor Notification: May 30, 2014 Public Disclosure: September 3, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...

4.3CVSS0.2AI score0.02614EPSS
Exploits0
ThreatPost
ThreatPost
added 2014/09/22 12:4 p.m.14 views

MyFitnessPal App Patches Privacy Vulnerability

The details of a patched vulnerability in a popular mobile fitness application have been disclosed three months after a fixed was released. The flaw could have allowed a user to fetch the personal profile of another registered app user. MyFitnessPal deployed a fix on June 26 for a privacy flaw in...

6.5AI score
Exploits0References4
securityvulns
securityvulns
added 2014/02/03 12:0 a.m.73 views

Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail

These vulnerabilities allow for a complete take over giving full administrative access as well as remote shells on the servers that they are installed on. Each of these suffer from Insecure Direct Object Reference Vulnerabilities. Due to the details of the attack and screen shots, they can be fou...

2.1AI score
Exploits0
Packet Storm
Packet Storm
added 2013/04/18 12:0 a.m.17 views

Fork CMS Local File Inclusion

============================================================================== Fork-CMS Local File Inclusion: Author: Rafay Baloch Introduction: Local file inclusion vulnerability occur when the include function is not sanitized properl, LFI is classified under OWASP Top10 under "A4 Insecure Dire...

7.4AI score
Exploits0
NVD
NVD
added 2012/10/06 9:55 p.m.16 views

CVE-2012-1565

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference...

7.5CVSS6.4AI score0.02031EPSS
Exploits0References7
Rows per page
Query Builder