943 matches found

ATTACKERKB
added 2022/05/10 7:15 p.m. · 2 views

CVE-2022-28986

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure Direct Object References (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts...

CVSS 7.5 · AI score 7.1 · EPSS 0.02809
Exploits 1 · References 4
Prion
added 2022/05/10 7:15 p.m. · 12 views

Spoofing

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure Direct Object References (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts...

CVSS 5 · AI score 7.7 · EPSS 0.02809
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2022/05/10 6:51 p.m. · 23 views

CVE-2022-28986

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure Direct Object References (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts...

AI score 7.9 · EPSS 0.02809
Exploits 1 · References 3
BDU FSTEC
added 2022/04/11 12:00 a.m. · 4 views

The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool is related to a deficiency in the restriction on XML references to external objects during the processing of ReportTemplateService parameters. Exploiting this vulnerability can allow an attacker to...

CVSS 7.8 · AI score 6.9 · EPSS 0.02169
Exploits 0 · References 6 · Affected Software 1
Prion
added 2022/03/16 1:15 a.m. · 15 views

Directory traversal

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9...

CVSS 5 · AI score 6.2 · EPSS 0.01245
Exploits 0 · References 2 · Affected Software 2
Positive Technologies
added 2022/03/16 12:00 a.m. · 1 view

PT-2022-11955 · Atlassian · Fisheye/Crucible

Name of the Vulnerable Software and Affected Versions: Atlassian Fisheye & Crucible versions prior to 4.8.9. Description: The issue allows remote attackers to browse local files due to an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. This is possible because of a...

CVSS 7.5 · AI score 7.1 · EPSS 0.01245
Exploits 0 · References 6
Atlassian
added 2022/03/07 8:02 a.m. · 75 views

CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9...

CVSS 7.5 · AI score 6 · EPSS 0.01245
Exploits 0
Atlassian
added 2022/03/07 8:02 a.m. · 52 views

CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9...

CVSS 7.5 · AI score 6 · EPSS 0.01245
Exploits 0
BDU FSTEC
added 2022/01/20 12:00 a.m. · 4 views

The vulnerability of the Ruby interpreter lies in the improper limitation of XML references to external objects, which allows attackers to compromise the integrity of data.

The vulnerability of the Ruby interpreter is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of data...

CVSS 7.5 · AI score 6.7 · EPSS 0.05061
Exploits 0 · References 8 · Affected Software 4
Packet Storm
added 2022/01/05 12:00 a.m. · 233 views

Hospitals Patient Records Management System 1.0 Account TakeOver

Exploit Title: Hospitals Patient Records Management System 1.0 - Account TakeOver
Date: 30/12/2021
Exploit Author: twseptian
Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html
Software Link:...

AI score 0.1
Exploits 0
OSV
added 2021/10/26 5:15 a.m. · 5 views

CVE-2021-41305

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version...

CVSS 7.5 · AI score 7.2 · EPSS 0.0117
Exploits 0 · References 1
NVD
added 2021/10/26 5:15 a.m. · 25 views

CVE-2021-41306

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version...

CVSS 7.5 · EPSS 0.0157
Exploits 0 · References 1
NVD
added 2021/10/26 5:15 a.m. · 19 views

CVE-2021-41305

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version...

CVSS 7.5 · EPSS 0.0117
Exploits 0 · References 1
Vulnrichment
added 2021/10/26 4:15 a.m. · 15 views

CVE-2021-41306

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version...

AI score 6.8 · EPSS 0.0157
Exploits 0 · References 1
Vulnrichment
added 2021/10/26 4:15 a.m. · 13 views

CVE-2021-41305

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version...

AI score 6.8 · EPSS 0.0117
Exploits 0 · References 1
Cvelist
added 2021/10/26 4:15 a.m. · 22 views

CVE-2021-41305

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version...

AI score 7.6 · EPSS 0.0117
Exploits 0 · References 1
Atlassian
added 2021/10/18 4:31 a.m. · 42 views

Anonymous users can view names of private projects and filters via Average Time in Status Gadget - CVE-2021-41306

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version...

CVSS 7.5 · AI score 5.6 · EPSS 0.0157
Exploits 0 · Affected Software 1
NVD
added 2021/09/30 11:15 a.m. · 13 views

CVE-2021-41298

ECOA BAS controller is vulnerable to insecure direct object references, which occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with a general user's privilege can remotely bypass authorization and access the hidden...

CVSS 8.8 · EPSS 0.00842
Exploits 1 · References 1
Prion
added 2021/09/30 11:15 a.m. · 21 views

Authorization

ECOA BAS controller is vulnerable to insecure direct object references, which occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with a general user's privilege can remotely bypass authorization and access the hidden...

CVSS 6.5 · AI score 8.7 · EPSS 0.00842
Exploits 1 · References 1
Cvelist
added 2021/09/30 10:41 a.m. · 16 views

CVE-2021-41298 ECOA BAS controller - Improper Access Control

ECOA BAS controller is vulnerable to insecure direct object references, which occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with a general user's privilege can remotely bypass authorization and access the hidden...

CVSS 8.8 · AI score 8.9 · EPSS 0.00842
Exploits 1 · References 1