
87 matches found

CNNVD
added 2021/08/09 12:0 a.m. · 2 views

Larvata Flygo Security Vulnerability

Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains an Insecure Direct Object Reference vulnerability that allows a remote attacker, after authenticating as a normal user, to access a specific employee's sign-in record by manipulating the...

CVSS 4.3 · AI score 5.2 · EPSS 0.00111
Exploits 0 · References 2
Positive Technologies
added 2020/11/26 12:0 a.m. · 4 views

PT-2020-16754 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.3 Description: The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability in the ajax/comments.php file. This vulnerability allows an attacker to read data from any database table, such as glpi...

CVSS 10 · AI score 6.1 · EPSS 0.94395
Exploits 32 · References 129
Positive Technologies
added 2019/09/11 12:0 a.m. · 2 views

PT-2019-13804 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account due to an insecure object reference. Recommendations: For version 0.9.8.851,...

CVSS 7.5 · AI score 7.4 · EPSS 0.09681
Exploits 1 · References 4
OSV
added 2019/09/10 4:15 p.m. · 1 views

CVE-2019-14730

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account...

CVSS 4.3 · AI score 5.8 · EPSS 0.00582
Exploits 1 · References 3
OSV
added 2019/08/22 7:15 p.m. · 2 views

CVE-2016-10930

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2019/08/21 12:0 a.m. · 2 views

PT-2019-13558 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: An insecure object reference in CentOS Web Panel allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account. Recommendations: For version 0.9.8.851,...

CVSS 6.5 · AI score 6.3 · EPSS 0.01469
Exploits 3 · References 6
Cvelist
added 2017/10/19 9:0 p.m. · 18 views

CVE-2015-6668

The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference...

AI score 7.5 · EPSS 0.83973
Exploits 1 · References 2