Monstra CMS <= 3.0.4 Multiple Vulnerabilities
Monstra CMS is prone to multiple vulnerabilities. (SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.) if description...
Design/Logic Flaw
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...
CVE-2018-11346
ASUSTOR AS6202T ADM Insecure Direct Object Reference Vulnerability
ADM (ASUSTOR Data Manager) is the operating system and user interface for ASUSTOR NAS devices. An insecure direct object reference vulnerability exists in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3. An attacker could use this vulnerability to reference the "downloadsyssettings" action to arbitrarily...
BBE Theme < 1.53 - Direct Object Reference
The bbe WordPress theme was affected by a Direct Object Reference security vulnerability...
New Relic: IDOR via internal_api "users" endpoint
While trying to figure out what the heck is going on with 347664, I stumbled upon another way to perform the "gift that keeps on giving" as @ahamlin put it. Steps to reproduce: 1. Add an unconfirmed user to your account 2. Navigate to https://alerts.newrelic.com/accounts/1523936/channels 3. Click ...
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
Exploit Title: Sophos Cyberoam UTM - Privilege Escalation Date: 31/08/2016 Exploit Author: Chintan Gurjar Frogy Vendor Homepage: http://www.sophos.com/ Software Link: https://www.cyberoam.com/downloads/datasheet/CR25iNG.html Version: Cyberoam CR25iNG - 10.6.3 MR-5 CVE : CVE-2016-7786 Category :...
SecurEnvoy SecurMail Insecure Direct Object Reference Vulnerability
SecurEnvoy SecurMail allows you to send email securely. An insecure direct object reference vulnerability exists in SecurEnvoy SecurMail before 9.2.501. A remote authenticated user can exploit this vulnerability to read arbitrary email messages via the option1 parameter in the reply action of...
How to exploit CSRF vulnerabilities on JSON endpoints - vulnerability alert - Black Bar Safety Net
CSRF + Flash + HTTP 307: don't say it is "dead"! If you want to exploit a CSRF vulnerability on a JSON endpoint through a third-party server under the attacker's control, I recommend the GitHub project called json-flash-csrf-poc [download]. Background story: In a recent penetration...
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501...
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
Exploit for asp platform in category web applications ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501 or hotfix patch "1012018" CVE number:...
SecurEnvoy SecurMail 9.1.501 XSS / CSRF / Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501 or hotfix patch "1012018" CVE number: CVE-2018-7701,...
TestLink Insecure Direct Object Reference Vulnerability
TestLink is a PHP-based open source test management tool developed by the TestLink team. The tool provides test requirements management, test case management, test data statistics and other functions. TestLink 1.9.16 and previous versions contain a security vulnerability. A remote attacker can send a...
Telerik UI for ASP.NET AJAX RadAsyncUpload Multiple Vulnerabilities
The version of Telerik UI for ASP.NET AJAX installed on the remote Windows host is affected by multiple vulnerabilities in Telerik.Web.UI.dll. An unauthenticated, remote attacker can exploit this, via specially crafted data, to execute arbitrary code. (C) Tenable Network Securit...
TestLink Open Source Test Management Insecure Direct Object Reference Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Insecure Direct Object Reference product: TestLink Open Source Test Management vulnerable version: 1.9.17 fixed version: 1.9.17 after November 2017, and the current...
FreeBSD : GitLab -- multiple vulnerabilities (86291013-16e6-11e8-ae9f-d43d7e971a1b)
GitLab reports: SnippetFinder information disclosure The GitLab SnippetFinder component contained an information disclosure which allowed access to snippets restricted to Only team members or configured as disabled. The issue is now resolved in the latest version. LDAP API authorization issue An...
GitLab -- multiple vulnerabilities
GitLab reports: SnippetFinder information disclosure The GitLab SnippetFinder component contained an information disclosure which allowed access to snippets restricted to Only team members or configured as disabled. The issue is now resolved in the latest version. LDAP API authorization issue An...