943 matches found

Prion
added 2023/11/14 5:15 a.m., 12 views

Design/Logic Flaw

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...

CVSS 4 | AI score 7.2 | EPSS 0.00581
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/11/14 12:0 a.m., 12 views

CVE-2023-43900

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...

AI score 7 | EPSS 0.00581
Exploits: 1 | References: 1
Patchstack
added 2023/10/31 12:0 a.m., 17 views

WordPress User Private Files Plugin < 2.0.5 is vulnerable to Insecure Direct Object References (IDOR)

Software: User Private Files; Type: Plugin; Vulnerable versions: < 2.0.5; Fixed in: 2.0.5; OWASP Top 10: A3: Injection; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-4836; Patch priority: Low; CVSS severity: Low 6.5; PSID: 588e3012fbb4; Credits: Dmitrii Ignatyev; Require...

CVSS 4.3 | AI score 7.1 | EPSS 0.00487
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2023/10/22 12:0 a.m., 18 views

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: wpDiscuz; Type: Plugin; Vulnerable versions: <= 7.6.3; Fixed in: 7.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-46311; Patch priority: Low; CVSS severity: Low 2.7; PSID: 05932cb617e2; Credits: Revan Arifio; Requir...

CVSS 6.5 | AI score 6.5 | EPSS 0.00527
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2023/10/17 12:0 a.m., 5 views

The vulnerability of the VBASE Automation Base software platform, related to incorrect restrictions on XML references to external objects, allows attackers to trigger service failures or gain unauthorized access to confidential data.

The vulnerability of the VBASE Automation Base software platform relates to incorrect restrictions on XML references pointing to external objects. Exploiting this vulnerability can allow attackers to cause service failures or gain unauthorized access to confidential data...

CVSS 5.5 | AI score 5.9 | EPSS 0.00255
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2023/09/27 4:54 p.m., 47 views

CVE-2023-5236

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

CVSS 4.4 | AI score 6.5 | EPSS 0.0089
Exploits: 0 | References: 3
WPVulnDB
added 2023/09/14 12:0 a.m., 11 views

Simplr Registration Form Plus+ <= 2.4.5 - Subscriber+ Arbitrary User Password Change via IDOR

Description: The plugin is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated...

CVSS 8.8 | AI score 6.2 | EPSS 0.00615
Exploits: 0
Patchstack
added 2023/09/14 12:0 a.m., 19 views

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: wpDiscuz; Type: Plugin; Vulnerable versions: <= 7.6.3; Fixed in: 7.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-3869; Patch priority: Low; CVSS severity: Low 5.3; PSID: e19751d1d189; Credits: FearZzZz; Required...

CVSS 5.3 | AI score 6.8 | EPSS 0.00401
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2023/09/14 12:0 a.m., 14 views

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: wpDiscuz; Type: Plugin; Vulnerable versions: <= 7.6.3; Fixed in: 7.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-3998; Patch priority: Low; CVSS severity: Low 5.3; PSID: 5e7dc9378ede; Credits: FearZzZz; Required...

CVSS 5.3 | AI score 6.8 | EPSS 0.00401
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/09/13 3:15 a.m., 4 views

CVE-2023-4213

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS 8.8 | AI score 7.3 | EPSS 0.00615
Exploits: 0 | References: 2
NVD
added 2023/09/13 3:15 a.m., 12 views

CVE-2023-4213

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS 8.8 | AI score 8.5 | EPSS 0.00615
Exploits: 0 | References: 2
Prion
added 2023/09/13 3:15 a.m., 17 views

Authorization

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS 6.5 | AI score 8.4 | EPSS 0.00615
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/09/13 2:54 a.m., 21 views

CVE-2023-4213 Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS 8.8 | AI score 8.6 | EPSS 0.00615
Exploits: 0 | References: 2
CVE
added 2023/09/13 2:54 a.m., 55 views

CVE-2023-4213

CVE-2023-4213 concerns the WordPress plugin Simplr Registration Form Plus+ (up to version 2.4.5). The vulnerability is an Insecure Direct Object Reference (IDOR) that lets an authenticated user with subscriber-level permissions or higher access objects controlled by the user, bypass authorization...

CVSS 8.8 | AI score 8.4 | EPSS 0.00615
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/09/05 12:0 a.m., 10 views

WordPress Sunshine Photo Cart Plugin < 3.0.0 is vulnerable to Insecure Direct Object References (IDOR)

Software: Sunshine Photo Cart; Type: Plugin; Vulnerable versions: < 3.0.0; Fixed in: 3.0.0; OWASP Top 10: A6: Security Misconfiguration; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-41796; Patch priority: Low; CVSS severity: Low 5.3; Developer: WP Sunshine; PSID: 684b84aa11e3; Credits: yuyudhn...

CVSS 6.5 | AI score 6.5 | EPSS 0.00359
Exploits: 0 | References: 2 | Affected Software: 1
Exploit DB
added 2023/08/21 12:0 a.m., 257 views

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR); Exploit Author: LiquidWorm; Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L; Product web page: https://www.eurotel.it | https://www.siel.fm; Affected version: v01c01; Microprocessor: socs0t10/ats01s01, Model: ETL3100...

AI score 7.4
Exploits: 0
0day.today
added 2023/08/21 12:0 a.m., 203 views

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR) Vulnerability

Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR); Exploit Author: LiquidWorm; Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L; Product web page: https://www.eurotel.it | https://www.siel.fm; Affected version: v01c01; Microprocessor: socs0t10/ats01s01, Model: ETL3100...

AI score 7.4
Exploits: 0
Zero Science Lab
added 2023/08/09 12:0 a.m., 367 views

EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)

Summary: RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily comply with analog and digital DAB standard. The Series ETL3100 Television Transmitter...

CVSS 9.8 | AI score 7.3 | EPSS 0.00805
Exploits: 1
Patchstack
added 2023/07/27 12:0 a.m., 16 views

WordPress Simple Author Box Plugin < 2.52 is vulnerable to Insecure Direct Object References (IDOR)

Software: Simple Author Box; Type: Plugin; Vulnerable versions: < 2.52; Fixed in: 2.52; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-3601; Patch priority: Low; CVSS severity: Low 6.5; Developer: WebFactory Ltd.; PSID: c55453b38919; Credits: Dmitriy; Require...

CVSS 4.3 | AI score 6.8 | EPSS 0.0043
Exploits: 2 | References: 4 | Affected Software: 1
Patchstack
added 2023/07/20 12:0 a.m., 13 views

WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR)

Software: Photo Engine; Type: Plugin; Vulnerable versions: <= 6.2.5; Fixed in: 6.2.6; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-38513; Patch priority: Low; CVSS severity: Low 5.4; PSID: fe9d14feafc3; Credits: Rafshanzani...

CVSS 5.4 | AI score 6.5 | EPSS 0.00323
Exploits: 0 | References: 2 | Affected Software: 1