Lucene search
K

197 matches found

OSV
OSV
added 2023/05/16 9:15 a.m.3 views

CVE-2023-2548

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

7.2CVSS7.1AI score0.00718EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/29 12:0 a.m.7 views

PT-2023-7925 · Eurotel · Eurotel Etl3100

Name of the Vulnerable Software and Affected Versions: EuroTel ETL3100 versions v01c01 and v01x37 Description: The issue is related to insecure direct object references, which occur when the application provides direct access to objects based on user-supplied input. This allows attackers to bypas...

9.8CVSS8.8AI score0.00805EPSS
Exploits1References11
OSV
OSV
added 2023/02/03 3:15 p.m.4 views

CVE-2022-34138

Insecure direct object references IDOR in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References2
Veracode
Veracode
added 2023/01/02 2:52 p.m.15 views

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. Insecure direct object references of the library allows an attacker to retrieve or delete files uploaded by other users...

8.8CVSS8.3AI score0.00811EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2023/01/02 12:53 p.m.14 views

Privilege Escalation

github.com/usememos/memos is vulnerable to privilege escalation. Incorrect use of privileged APIs due to insecure direct object references allows an attacker to archive private memos and delete/edit shortcuts on the user's behalf...

4.3CVSS5.1AI score0.00507EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.6 views

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS5.2AI score0.00485EPSS
Exploits0References3
OSV
OSV
added 2022/09/30 7:15 p.m.5 views

CVE-2021-36865

Insecure direct object references IDOR vulnerability in ExpressTech Quiz And Survey Master plugin = 7.3.4 at WordPress allows attackers to change the content of the quiz...

4.3CVSS5.8AI score0.00417EPSS
Exploits0References2
Huntr
Huntr
added 2022/07/18 8:39 a.m.12 views

Insecure Direct Object References when creating a list

Description Insecure direct object references when creating a list allows one user to create a new list on behalf of another. Proof of Concept POST /list HTTP/2 Host: bookwyrm.social Cookie: djangolanguage=None; csrftoken=I5lj4znBJ9B5HnT3FAsII67G1EISidIKGlsIz5ElN9kmlDwucM2hGKx0Fy4gM8vj;...

7AI score
Exploits0
CNNVD
CNNVD
added 2022/07/15 12:0 a.m.5 views

Octopus Server 安全漏洞

Octopus Server is an automated deployment platform. Octopus Server has a security vulnerability that stems from the presence of insecure object references, which can be exploited by an attacker to download projects and export them from projects to which they do not have access...

5.3CVSS5.9AI score0.00523EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/05/10 7:15 p.m.4 views

CVE-2022-28986

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references IDOR vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts...

7.5CVSS7.1AI score0.02238EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/03/16 12:0 a.m.2 views

PT-2022-11955 · Atlassian · Fisheye/Crucible

Name of the Vulnerable Software and Affected Versions: Atlassian Fisheye & Crucible versions prior to 4.8.9 Description: The issue allows remote attackers to browse local files due to an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory. This is possible because of a...

7.5CVSS7.1AI score0.01245EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/09/30 10:13 a.m.4 views

CVE-2021-41298

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden...

8.8CVSS7.4AI score0.00842EPSS
Exploits1References2
OSV
OSV
added 2021/08/30 6:15 p.m.3 views

CVE-2021-22023

The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...

7.2CVSS7.3AI score0.00999EPSS
Exploits1References1
OSV
OSV
added 2021/08/09 10:15 a.m.5 views

CVE-2021-24500

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...

8.1CVSS7.4AI score0.00646EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/08/09 12:0 a.m.5 views

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Workreap theme versions prior to 2.2.2 that stems from...

8.1CVSS7.6AI score0.00646EPSS
Exploits2References2
OSV
OSV
added 2020/08/11 1:15 p.m.3 views

CVE-2020-10779

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references IDOR and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms...

6.5CVSS6.6AI score0.00776EPSS
Exploits0References2
Veracode
Veracode
added 2018/07/16 9:21 a.m.17 views

Remote Code Execution (RCE)

YamlDotNet is susceptible to remote code execution RCE through insecure direct object references. It can happen because the Deserializer.Deserialize function does not prevent deserialization of user-controlled types currentType = Type.GetTypenodeEvent.Tag.Substring1, throwOnError: false; and crea...

7.8CVSS8.1AI score0.01469EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder