4405 matches found
CVE-2019-18998 Asset Suite Direct Object Reference Access
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly...
CVE-2020-8503
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...
CVE-2020-8503
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...
Design/Logic Flaw
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...
CVE-2020-8503
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...
CVE-2019-15581
An IDOR exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE that allowed a project owner or maintainer to see the members of any private group via merge request approval rules...
WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference IDOR vulnerability found in WordPress Ultimate Member plugin versions = 2.1.2. Solution Update the WordPress Ultimate Member plugin to the latest available version at least 2.1.3...
WordPress Ultimate Member Plugin <= 2.1.2 Multiple Insecure Direct Object Reference Vulnerabilities
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
CVE-2019-20209
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...
Design/Logic Flaw
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...
CVE-2019-20209
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...
CVE-2020-6859
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified userid parameter. This is related to ajaximageupload and...
CVE-2020-6859
The CVE-2020-6859 entry corresponds to multiple Insecure Direct Object Reference (IDOR) vulnerabilities in the WordPress Ultimate Member plugin (affected until version 2.1.2) in includes/core/class-files.php. The underlying issue allows remote attackers to modify other users’ profiles and cover p...
Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability
A vulnerability in the Operations, Administration, Maintenance and Provisioning OAMP OpsConsole Server for Cisco Unified Customer Voice Portal CVP could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The...
GitLab EE Insecure Direct Object Reference Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is GitLab Enterprise Edition. GitLab EE 11.3 - 12.5 suffers from an insecure direct object...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
Design/Logic Flaw
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...