943 matches found
Insecure Direct Object References (IDOR)
github.com/usememos/memos is vulnerable to insecure direct object references. Comparison of object references instead of object contents due to insecure direct object references allows an attacker to delete the victim's resources...
Improper Authorization
github.com/usememos/memos is vulnerable to improper authorization. The library uses insecure direct object references which allows an attacker to access all private memos of a user and edit them...
Insecure Direct Object References (IDOR)
github.com/usememos/memos is vulnerable to insecure direct object references. Improper authorization due to insecure direct object references allows an attacker to trigger the Reset API on a user's behalf...
Privilege Escalation
github.com/usememos/memos is vulnerable to privilege escalation. Incorrect use of privileged APIs due to insecure direct object references allows an attacker to archive private memos and delete/edit shortcuts on the user's behalf...
Insecure Direct Object References (IDOR)
github.com/usememos/memos is vulnerable to insecure direct object references. The vulnerability allows an attacker to delete all available memos, public or private, in the entire application, because the memo ID is numeric and sequentially incremented, which makes it easy to guess and perform the attack...
GHSA-M5PR-WM6Q-X4G2 usememos/memos vulnerable to Comparison of Object References Instead of Object Contents
Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos 0.9.0 and prior...
Improper Access Control
github.com/usememos/memos is vulnerable to improper access control. The vulnerability exists in multiple functions due to insecure direct object references which allows an attacker to perform actions on a user's behalf via Change Password feature...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Authorization Bypass
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authorization Bypass (IDOR) Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16 Voice...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authorization Bypass (IDOR)
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
CVE-2022-24188
The /device/signin endpoint for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of session management and presence of insecure direct...
CVE-2022-24188
The CVE-2022-24188 entry concerns Ourphoto App 1.4.1, where the /device/signin endpoint returns clear-text credentials (deviceVideoCallPassword and mqttPassword). The issue is compounded by lack of session management and insecure direct object references, enabling disclosure of passwords for othe...
WordPress Directorist plugin <= 7.4.2.1 - Auth. Insecure Direct Object References (IDOR) vulnerability
Auth. Insecure Direct Object References (IDOR) vulnerability leading to arbitrary user password update discovered by cydave in the WordPress Directorist plugin (versions <= 7.4.2.1). Solution: Update the WordPress Directorist plugin to the latest available version (at least 7.4.2.2)...
CVE-2022-43492
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...
Spoofing
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...
CVE-2022-43492
CVE-2022-43492 affects WordPress with the wpDiscuz plugin at version 7.4.2. It is an Insecure Direct Object References (IDOR) in the Comments feature. The NVD entry lists CVSS v3.1 base metrics: 8.8 (High) with NEURAL: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; PatchStack cites a lower impact vector. R...
CVE-2022-40206
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public...
CVE-2022-40206
Summary (CVE-2022-40206) Insecure Direct Object References (IDOR) in the WordPress wpForo Forum plugin <= 2.0.5. Affected component: wpForo Forum plugin for WordPress. Root cause: IDOR allows users with subscriber or higher roles to change a forum post’s visibility to private/public. Impact: e...
CVE-2022-40205 WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved...
WordPress plugin wpForo Forum security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2022-25282 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin versions <= 2.0.5 Description: The issue is related to an insecure direct object references (IDOR) vulnerability. This vulnerability allows attackers with subscriber or higher user roles to mark any forum post as solved or...