Atlassian Jira 8.0.0 < 8.5.7 Disclosure Of Private Project Titles
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.0.6 prior to version 7.13.16, 8.0.0 prior to 8.5.7, 8.6.0 prior to 8.9.2 or 8.10.0 prior to 8.10.1. It is, therefore, affected by a vulnerability which allows remote attackers to view...
Atlassian Jira 8.14.x < 8.20.0 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.20.0. It is, therefore, affected by multiple vulnerabilities: - An Insecure Direct Object References (IDOR) vulnerability which may allow unauthenticated remote attackers to vi...
PT-2023-18684 · WordPress · Wcfm Membership
Name of the Vulnerable Software and Affected Versions: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress versions up to, and including, 2.10.7 Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to...
K01948202: Linux kernel vulnerability CVE-2016-0728
Security Advisory Description: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via...
SUSE CVE-2018-5099
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefo...
CVE-2022-34138
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...
Information disclosure
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information...
CVE-2022-34138
CVE-2022-34138 describes an insecure direct object reference (IDOR) in the web server of Biltema IP and Baby Camera Software version v124. The vulnerability allows an attacker to access sensitive information via the product’s web server. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
Improper Authorization
wallabag/wallabag is vulnerable to Improper Authorization. A remote attacker is able to gain access to unauthorized annotations from other users due to insecure direct object references which is made possible because of improper validation of the user permissions...
Improper Authorization
wallabag/wallabag is vulnerable to Improper Authorization. A remote attacker is able to gain access to unauthorized projects from other users due to insecure direct object references which is made possible because of improper validation of the user permissions...
WordPress Quick Restaurant Menu Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: Quick Restaurant Menu; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: 2.1.0; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-0550; Patch priority: Low; CVSS severity: Low 8.1; PSID: 53344b864cc7; Credits: Marco...
PT-2023-13785 · L Soft · Listserv 17
Name of the Vulnerable Software and Affected Versions: LISTSERV 17 Description: The LISTSERV 17 web interface is affected by an issue that allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks. This is achieved via a modified email address in a "wa.exe" URL, resulting ...
CVE-2022-40319
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account...
EUVD-2022-43610
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account...
WordPress WooCommerce Eway Gateway Plugin <= 3.5.0 is vulnerable to Insecure Direct Object References (IDOR)
Software: WooCommerce Eway Gateway; Type: Plugin; Vulnerable versions: <= 3.5.0; Fixed in: 3.5.1; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: N/A; Patch priority: Low; CVSS severity: Low 6.3; PSID: 9e6ef9dda0ad; Credits: WordfenceTeam...
Improper Access Control
github.com/usememos/memos is vulnerable to improper access control. Insecure direct object references in the library allow an attacker to retrieve or delete files uploaded by other users...
Improper Access Control
github.com/usememos/memos is vulnerable to improper access control. Access control bypass through insecure direct object references allows an attacker to archive a victim's memos...