Lucene search
K

943 matches found

Patchstack
Patchstack
added 2021/03/29 12:0 a.m.18 views

WordPress Listeo premium theme <= 1.6.07 - Authenticated Multiple Insecure Direct Object References (IDOR) vulnerabilities

Multiple Insecure Direct Object References IDOR vulnerabilities discovered by m0ze Patchstack Red Team in the WordPress Listeo premium theme versions = 1.6.07. Solution Update the WordPress Listeo premium theme to the latest available version at least 1.6.11...

2.9AI score
Exploits0References1Affected Software1
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.248 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Improper Access Control (IDOR)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/23 10:46 a.m.139 views

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...

7.8CVSS1.1AI score0.02328EPSS
Exploits0
Cvelist
Cvelist
added 2021/02/01 11:40 p.m.27 views

CVE-2020-36231

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References IDOR vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2...

4.7AI score0.012EPSS
Exploits0References1
Prion
Prion
added 2021/01/18 2:15 a.m.18 views

Spoofing

Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5...

5CVSS6.1AI score0.01144EPSS
Exploits0References2Affected Software2
Zero Science Lab
Zero Science Lab
added 2020/12/02 12:0 a.m.73 views

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

9.8CVSS5.8AI score0.00924EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.410 views

iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...

7.4AI score
Exploits0
Atlassian
Atlassian
added 2020/10/28 5:50 p.m.55 views

Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...

7.5CVSS6AI score0.01245EPSS
Exploits0
Atlassian
Atlassian
added 2020/10/28 5:45 p.m.66 views

Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...

5.3CVSS5.8AI score0.01144EPSS
Exploits0Affected Software1
Prion
Prion
added 2020/10/05 8:15 a.m.26 views

Design/Logic Flaw

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

6.5CVSS8.1AI score0.01783EPSS
Exploits1References3Affected Software1
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/09/29 5:20 a.m.26 views

Cloud-y, with a chance of hacking all the wireless things

Grandstream are a provider of IP video and voice services, as well as Wi-Fi and other related services and equipment. Their products are sold in over 150 countries and they have offices around the globe. We were having a look at their GWN.Cloud management platform, used for remote device and...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/08/12 12:0 a.m.3 views

The vulnerability of the PAN-OS operating system management service in Palo Alto Networks Panorama’s centralized network interface controller system allows a hacker to read arbitrary files.

The vulnerability of the PAN-OS operating system’s centralized network interface controller in Palo Alto Networks Panorama is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...

7.8CVSS7.3AI score0.01935EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/08/11 1:15 p.m.3 views

CVE-2020-10779

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references IDOR and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms...

6.5CVSS6.6AI score0.00776EPSS
Exploits0References2
Prion
Prion
added 2020/08/11 1:15 p.m.21 views

Design/Logic Flaw

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references IDOR and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms...

4CVSS6.8AI score0.00776EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/07/22 12:0 a.m.47 views

Atlassian JIRA < 7.13.16 / 8.0.x < 8.5.7 / 8.6.x < 8.9.2 / 8.10.x < 8.10.1 Insecure Direct Object References (IDOR) (JRASERVER-71275)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by Insecure Direct Object References IDOR vulnerability. Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a...

4.3CVSS5.3AI score0.01215EPSS
Exploits0References2
Prion
Prion
added 2020/07/13 5:15 a.m.15 views

Spoofing

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References IDOR vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before...

4CVSS4.6AI score0.01215EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2020/07/13 4:45 a.m.24 views

CVE-2020-14174

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References IDOR vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before...

4.6AI score0.01215EPSS
Exploits0References1
Patchstack
Patchstack
added 2020/01/27 12:0 a.m.4 views

WordPress CarSpot premium theme <= 2.2.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by m0ze in WordPress CarSpot premium theme versions = 2.2.2. Solution Update the WordPress CarSpot premium theme to the latest available version at least 2.2.3...

3.1AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.272 views

WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting

Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software Link:...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2019/09/24 12:0 a.m.6 views

WordPress Zoner - Real Estate premium theme <= 4.1.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability found by Vlad Vector Ex.Mi in WordPress Zoner - Real Estate premium theme versions = 4.1.1. Solution Update the WordPress Zoner - Real Estate premium theme to the latest available version at least 4.2...

3.1AI score
Exploits0References2Affected Software1
Rows per page
Query Builder