
943 matches found

Hacker One
added 2019/07/27 7:16 p.m., 35 views

Phabricator: IDOR bug to See hidden slowvote of any user even when you dont have access right

USER ACCOUNT ============= 1. User A, who creates the slowvote 2. User B doesn't have permission to see the above slowvote 3. User C has permission to see the above slowvote STEP TO REPRODUCE ================== 1. From user A's account go to http://phabricator.localhost.com/vote/create/ and create a slowvote. Chan...

AI score: 7
Exploits: 0

Packet Storm
added 2019/05/13 12:00 a.m., 93 views

SOCA Access Control System 180612 Information Disclosure

SOCA Access Control System 180612 Information Disclosure Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and fingerprint access control system, time and attendance, electric...

AI score: 0.2
Exploits: 0

Prion
added 2019/05/06 8:29 p.m., 14 views

Design/Logic Flaw

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. This information ca...

CVSS: 5, AI score: 4.9, EPSS: 0.01142
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2019/05/06 8:29 p.m., 2 views

CVE-2018-18976

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. This information ca...

CVSS: 5.3, AI score: 5.8, EPSS: 0.01142
Exploits: 1, References: 1

Cvelist
added 2019/05/06 7:12 p.m., 17 views

CVE-2018-18976

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. This information ca...

AI score: 5, EPSS: 0.01142
Exploits: 1, References: 1

BDU FSTEC
added 2019/04/19 12:00 a.m., 6 views

The vulnerability of the Microsoft XML Core Services MSXML on the Windows operating system allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft XML Core Services MSXML in the Windows operating system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote...

CVSS: 9.3, AI score: 8.1, EPSS: 0.16204
Exploits: 0, References: 4

BDU FSTEC
added 2019/03/22 12:00 a.m., 4 views

The vulnerability of the Microsoft XML Core Services on the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft XML Core Services on the Windows operating system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote...

CVSS: 7.5, AI score: 8.4, EPSS: 0.22187
Exploits: 0, References: 3

0day.today
added 2018/12/14 12:00 a.m., 188 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium;...

AI score: 6.6, EPSS: 0.07411
Exploits: 4

0day.today
added 2018/12/14 12:00 a.m., 42 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)

Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium;...

AI score: 0.2, EPSS: 0.07234
Exploits: 4

exploitpack
added 2018/12/14 12:00 a.m., 49 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2) Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691...

CVSS: 4, AI score: 0.3, EPSS: 0.07234
Exploits: 4

exploitpack
added 2018/12/14 12:00 a.m., 56 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS...

CVSS: 4, AI score: 0.4, EPSS: 0.07411
Exploits: 4

Exploit DB
added 2018/12/14 12:00 a.m., 48 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

CVSS: 6.5, AI score: 6.5, EPSS: 0.07411
Exploits: 4

Packet Storm
added 2018/12/13 12:00 a.m., 85 views

Fortify SSC 17.10 / 17.20 / 18.10 User Detail Insecure Direct Object Reference

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

AI score: 6.6, EPSS: 0.07234
Exploits: 4

BDU FSTEC
added 2018/10/30 12:00 a.m., 6 views

The vulnerability of the XML file analyzer in the libxml2 library allows a hacker to trigger a service failure.

The vulnerability of the XML file analyzer in the libxml2 library arises from insufficient restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially crafted XML document...

CVSS: 7.8, AI score: 7.2, EPSS: 0.0634
Exploits: 0, References: 4, Affected Software: 2

BDU FSTEC
added 2018/10/16 12:00 a.m., 4 views

The vulnerability of the PI Studio XML development tool analyzer arises from incorrect restrictions on XML references to external objects, allowing attackers to disclose protected information.

The vulnerability of the PI Studio XML analysis tool arises from an incorrect limitation on XML references to external objects. Operating this tool may allow a malicious actor to disclose protected information...

CVSS: 5.4, AI score: 5.5, EPSS: 0.01248
Exploits: 0, References: 2, Affected Software: 2

Veracode
added 2018/07/16 9:21 a.m., 16 views

Remote Code Execution (RCE)

YamlDotNet is susceptible to remote code execution (RCE) through insecure direct object references. It can happen because the `Deserializer.Deserialize()` function does not prevent deserialization of user-controlled types (`currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);`) and crea...

CVSS: 7.8, AI score: 8.1, EPSS: 0.01469
Exploits: 0, References: 3, Affected Software: 1

seebug.org
added 2017/12/29 12:00 a.m., 39 views

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

AI score: 7.1
Exploits: 0

Hacker One
added 2017/11/29 10:39 p.m., 36 views

Open-Xchange: [IDOR] Deleting other people's tasks

Description When creating tasks each task is assigned with an id value. Using this id it's possible to delete any task created in the same instance even if you don't actually have access to viewing or editing the task. Steps to Reproduce 1 Login to https://sandbox.open-xchange.com/ with user1 2...

AI score: 6.9
Exploits: 0

Hacker One
added 2017/09/01 5:49 p.m., 45 views

Concrete CMS: 'cnvID' parameter vulnerable to Insecure Direct Object References

Installation Information === IIS 8, PHP 5.5, Concrete5 5.7.5.7 Default install Issue POC An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/viewajax with incremental 'cnvID' integers. 1. An example blog with permission...

AI score: 7.2
Exploits: 0

exploitpack
added 2017/07/20 12:00 a.m., 17 views

Tilde CMS 1.01 - Multiple Vulnerabilities

Tilde CMS 1.01 - Multiple Vulnerabilities Exploit Title: Tilde CMS 1.01 Multiple Vulnerabilities Date: July 7th, 2017 Exploit Authors: Paolo Forte, Raffaele Forte Vendor Homepage: http://www.tildenetwork.com/ Version: Tilde CMS 1.0.1 Tested on: Ubuntu 12.04, PHP 5.3.10 I. INTRODUCTION...

AI score: 0.3
Exploits: 0