704 matches found
Remote Code Execution (RCE)
moodle/moodle is vulnerable to remote code execution. The vulnerability exists due to an insecure direct object reference, allowing an attacker to fetch other users' calendar action events...
Concrete CMS < 8.5.7 Multiple Vulnerabilities
Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...
CVE-2021-36388
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4"...
Yellowfin Business Intelligence Yellowfin 安全漏洞
An insecure direct object reference vulnerability exists in versions of Yellowfin prior to 9.6.1, a business intelligence automated analytics, cross-vendor narrative and collaboration software suite. An attacker could exploit the vulnerability by sending a specially crafted HTTP GET request to th...
PT-2021-21267 · Yellowfin · Yellowfin
Name of the Vulnerable Software and Affected Versions: Yellowfin versions prior to 9.6.1 Description: The issue allows enumeration and download of uploaded images through an Insecure Direct Object Reference vulnerability. This can be exploited by sending a specially crafted HTTP GET request to th...
GitLab Enterprise Edition 信息泄露漏洞
GitLab Enterprise Edition is a content management system GitLab is a self-hosted Git version control system project repository application developed by GitLab, Inc. using Ruby on Rails. The program can be used to access the contents of a project's files, commit history, bug lists, and more. An...
Teamcenter 代码问题漏洞
Siemens Teamcenter, a product lifecycle management computer software application from Siemens, Germany, is vulnerable to a code issue that results from an application containing an insecure direct object reference IDOR vulnerability that could be exploited by an attacker to directly access object...
CVE-2021-22023
The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...
CVE-2021-22023
The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...
CVE-2021-22023
CVE-2021-22023 affects VMware vRealize Operations Manager API (8.x) before 8.5. The vulnerability is an insecure direct object reference that could allow a user with administrative API access to modify other users’ information, potentially enabling account takeover. The available connected source...
CVE-2021-37215
The employee management page of Flygo contains an Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee’s user data by specifying that employee’s ID in the API parameter...
CVE-2021-24500
Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...
Larvata Flygo 安全漏洞
Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker authenticated as a regular user to manipulate user data by specifying the employee's ID in an API parameter and...
Larvata Flygo 安全漏洞
Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker, after authenticating as an ordinary user, to arbitrarily access employee data by manipulating the employee ID i...
WordPress 插件访问控制错误漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in versions o...
Endalia Selection Portal Arbitrary File Upload Vulnerability
Endalia Selection Portal is an application from Endalia Spain. It provides a software for attracting and selecting talent. An arbitrary file upload vulnerability exists in Endalia Selection Portal in versions prior to 4.205.0. The vulnerability stems from an insecure object reference that allows...
Endalia Selection Porta 安全漏洞
Endalia Selection Portal is an application from Endalia Spain. It provides a software for attracting and selecting talent. An arbitrary file upload vulnerability exists in Endalia Selection Portal in versions prior to 4.205.0. The vulnerability stems from an insecure object reference that allows...
PT-2021-2949 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to an insecure direct object reference IDOR in the product module, which could lead to unauthorized...
CVE-2020-16194
An Insecure Direct Object Reference IDOR vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the deliveryaddress and invoiceaddress fields...
CVE-2020-29446
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5...