943 matches found
Design/Logic Flaw
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
WordPress User Private Files Plugin < 2.0.5 is vulnerable to Insecure Direct Object References (IDOR)
Software User Private Files Type Plugin Vulnerable versions 2.0.5 Fixed in 2.0.5 OWASP Top 10 A3: Injection Classification Insecure Direct Object References IDOR CVE CVE-2023-4836 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 588e3012fbb4 Credits Dmitrii Ignatyev Require...
WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)
Software wpDiscuz Type Plugin Vulnerable versions = 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-46311 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 05932cb617e2 Credits Revan Arifio Requir...
The vulnerability of the VBASE Automation Base software platform, related to incorrect restrictions on XML references to external objects, allows attackers to trigger service failures or gain unauthorized access to confidential data.
The vulnerability of the VBASE Automation Base software platform relates to incorrect restrictions on XML references pointing to external objects. Exploiting this vulnerability can allow attackers to cause service failures or gain unauthorized access to confidential data...
CVE-2023-5236
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...
Simplr Registration Form Plus+ <= 2.4.5 - Subscriber+ Arbitrary User Password Change via IDOR
Description The plugin is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated...
WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)
Software wpDiscuz Type Plugin Vulnerable versions = 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3869 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e19751d1d189 Credits FearZzZz Required...
WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)
Software wpDiscuz Type Plugin Vulnerable versions = 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3998 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5e7dc9378ede Credits FearZzZz Required...
CVE-2023-4213
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-4213
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
Authorization
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-4213 Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-4213
CVE-2023-4213 concerns the WordPress plugin Simplr Registration Form Plus+ (up to version 2.4.5). The vulnerability is an Insecure Direct Object Reference (IDOR) that lets an authenticated user with subscriber-level permissions or higher access objects controlled by the user, bypass authorization...
WordPress Sunshine Photo Cart Plugin < 3.0.0 is vulnerable to Insecure Direct Object References (IDOR)
Software Sunshine Photo Cart Type Plugin Vulnerable versions 3.0.0 Fixed in 3.0.0 OWASP Top 10 A6: Security Misconfiguration Classification Insecure Direct Object References IDOR CVE CVE-2023-41796 Patch priority Low CVSS severity Low 5.3 Developer WP Sunshine PSID 684b84aa11e3 Credits yuyudhn...
EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)
Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass IDOR Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100...
EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR) Vulnerability
Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass IDOR Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100...
EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)
Summary RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter...
WordPress Simple Author Box Plugin < 2.52 is vulnerable to Insecure Direct Object References (IDOR)
Software Simple Author Box Type Plugin Vulnerable versions 2.52 Fixed in 2.52 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3601 Patch priority Low CVSS severity Low 6.5 Developer WebFactory Ltd. PSID c55453b38919 Credits Dmitriy Require...
WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR)
Software Photo Engine Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.6 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-38513 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fe9d14feafc3 Credits Rafshanzani...