8 matches found
CVE-2023-24625
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack...
Design/Logic Flaw
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack...
Cross site request forgery (csrf)
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request...
CVE-2013-4340
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified userID parameter...
DEBIAN-CVE-2013-4340
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified userID parameter...
Design/Logic Flaw
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id...
DEBIAN-CVE-2006-6016
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified userid parameter...
PT-2006-6663 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 2.0.5 Description: The issue allows remote authenticated users to read the metadata of an arbitrary user via a modified user id parameter in the 'wp-admin/user-edit.php' page. Recommendations: For versions prior to...