
943 matches found

ATTACKERKB
added 2022/09/15 12:15 p.m., 3 views

CVE-2022-38789

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...

CVSS 9.1, AI score 5.9, EPSS 0.00885
Exploits: 0, References: 3

Hacker One
added 2022/08/31 1:24 p.m., 35 views

U.S. Dept Of Defense: IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/

Dear DoD team, I found one critical bug on your domain: https://██████/ It's IDOR. Also this domain is from Hack US program. What is that IDOR? Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user-supplied input to access...

AI score 6.8
Exploits: 0

NVD
added 2022/08/05 4:15 p.m., 8 views

CVE-2022-34769

Michlol - rashim web interface Insecure direct object references IDOR. First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goa...

CVSS 6.3, EPSS 0.00319
Exploits: 0, References: 1

OSV
added 2022/08/05 4:15 p.m., 3 views

CVE-2022-34769

Michlol - rashim web interface Insecure direct object references IDOR. First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goa...

CVSS 5.5, AI score 5.8, EPSS 0.00319
Exploits: 0, References: 1

Cvelist
added 2022/08/05 3:25 p.m., 12 views

CVE-2022-34769 Michlol - rashim web interface Insecure direct object references (IDOR)

Michlol - rashim web interface Insecure direct object references IDOR. First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goa...

CVSS 6.3, AI score 6.5, EPSS 0.00319
Exploits: 0, References: 1

Vulnrichment
added 2022/08/05 3:25 p.m., 8 views

CVE-2022-34769 Michlol - rashim web interface Insecure direct object references (IDOR)

Michlol - rashim web interface Insecure direct object references IDOR. First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goa...

CVSS 6.3, AI score 6.7, EPSS 0.00319
Exploits: 0, References: 1

NVD
added 2022/07/20 4:15 p.m., 32 views

CVE-2022-33944

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs...

CVSS 6.5, EPSS 0.00866
Exploits: 0, References: 1

Prion
added 2022/07/20 4:15 p.m., 34 views

Design/Logic Flaw

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs...

CVSS 4, AI score 7.2, EPSS 0.00866
Exploits: 0, References: 1

CVE
added 2022/07/20 3:24 p.m., 62 views

CVE-2022-33944

The CVE-2022-33944 case concerns MiCODUS MV720 GPS tracker’s web server, which is vulnerable to an authenticated insecure direct object reference (IDOR) on the endpoint and the POST parameter “Device ID,” allowing arbitrary device IDs to be supplied. This vulnerability is highlighted in the ICS a...

CVSS 6.5, AI score 6.8, EPSS 0.00866
Exploits: 0, References: 1, Affected Software: 1

Huntr
added 2022/07/18 8:39 a.m., 12 views

Insecure Direct Object References when creating a list

Description Insecure direct object references when creating a list allows one user to create a new list on behalf of another. Proof of Concept POST /list HTTP/2 Host: bookwyrm.social Cookie: djangolanguage=None; csrftoken=I5lj4znBJ9B5HnT3FAsII67G1EISidIKGlsIz5ElN9kmlDwucM2hGKx0Fy4gM8vj;...

AI score 7
Exploits: 0

Huntr
added 2022/07/15 4:5 p.m., 10 views

Insecure direct object references in "review" function

Description Insecure direct object references in review a book function allows one user to create a comment on behalf of another. Proof of Concept POST /post/review HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=bYsdqkQkkbYXZYRVd8AynhYxG1rBb2AoOfAO76XCYmgzXK3A266EpZamGcKL0pN5;...

AI score 0.4
Exploits: 0, References: 1

CNNVD
added 2022/07/15 12:0 a.m., 3 views

Octopus Server security vulnerability

Octopus Server is an automated deployment platform. Octopus Server has a security vulnerability that stems from the presence of insecure object references, which can be exploited by an attacker to download projects and export them from projects to which they do not have access...

CVSS 5.3, AI score 5.9, EPSS 0.00471
Exploits: 0, References: 2

Huntr
added 2022/07/14 6:32 a.m., 10 views

Insecure direct object references in `create-shelf` function

Description Insecure direct object references in create-shelf function allows one user to create a shelf on behalf of another. Proof of Concept POST /create-shelf HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=ZpIuGbCcxOyhta5bki4N46N7vknEAcpaG3881kcMAfWKBEYKEiLEeSc3Sr4lUTVa;...

AI score 0.4
Exploits: 0, References: 1

Cvelist
added 2022/07/06 1:11 p.m., 24 views

CVE-2022-23173 Priority - Priority web Insecure direct object references (IDOR)

this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get a...

CVSS 5.5, AI score 6.5, EPSS 0.0046
Exploits: 0, References: 1

NVD
added 2022/05/20 9:15 p.m., 16 views

CVE-2022-29434

Insecure Direct Object References IDOR vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events...

CVSS 6.3, EPSS 0.00658
Exploits: 0, References: 2

Prion
added 2022/05/20 9:15 p.m., 12 views

Spoofing

Insecure Direct Object References IDOR vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events...

CVSS 4, AI score 5.4, EPSS 0.00658
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2022/05/20 8:19 p.m., 83 views

CVE-2022-29434

The CVE-2022-29434 entry concerns the WordPress Spiffy Calendar plugin (versions

CVSS 6.3, AI score 5.6, EPSS 0.00658
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2022/05/20 12:0 a.m., 4 views

WordPress plugin Spiffy Calendar security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Spiffy Calendar plugin 4.9.0 and earlier versions are vulnerable to an insecure direct object...

CVSS 6.3, AI score 5.7, EPSS 0.00658
Exploits: 0, References: 3

BDU FSTEC
added 2022/05/17 12:0 a.m., 5 views

The vulnerability of the software import function of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a hacker to disclose protected information.

The vulnerability of the Cisco Enterprise NFV Infrastructure Software’s software import function NFVIS is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information using specially created...

CVSS 7.8, AI score 7.4, EPSS 0.10922
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2022/05/10 7:15 p.m., 4 views

CVE-2022-28986

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references IDOR vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts...

CVSS 7.5, AI score 5.8, EPSS 0.02809
Exploits: 1, References: 3