4405 matches found
KubeSphere IDOR vulnerability
An Insecure Direct Object Reference IDOR vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks...
CVE-2024-46528
An Insecure Direct Object Reference IDOR vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks...
PT-2024-32021 · Unknown · Kubesphere +1
Name of the Vulnerable Software and Affected Versions: KubeSphere versions 3.x through 3.4.1 KubeSphere versions 4.x through 4.1.1 KubeSphere Enterprise versions 3.x through 3.5.0 KubeSphere Enterprise versions 4.x through 4.1.3 Description: An Insecure Direct Object Reference IDOR vulnerability...
open-webui Insecure Direct Object Reference (IDOR) vulnerability
An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...
GHSA-XCVC-5HGV-PHQG open-webui Insecure Direct Object Reference (IDOR) vulnerability
An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...
CVE-2024-7041
An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...
CVE-2024-7041 IDOR in open-webui/open-webui
An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...
PT-2024-38041 · Unknown · Open-Webui
Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version v0.3.8 Description: An Insecure Direct Object Reference IDOR vulnerability exists, occurring in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update. The decentralization design is flawed, allowing...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A security vulnerability exists in Open WebUI version v0.3.8 that stems from the presence of an insecure direct object reference IDOR vulnerability that allows an attacker to edit another user'...
Insecure Direct Object Reference (IDOR)
org.eclipse.edc,control-plane-catalog is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to missing filtering on single dataset requests, which fails to properly verify access permissions for restricted datasets. It allows unauthorized parties to access sensitive...
Mars: █████████ when adding branches to your account
A vulnerability was identified in the branch addition functionality of the Royal Canin specialized channel website. The issue was classified as an Insecure Direct Object Reference IDOR vulnerability, which allowed unauthorized users to add branches to any account by manipulating the customer's...
Transport Management System 1.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : Transport Management System 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | |...
Event Management System 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : Event Management System v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bi...
Insecure Direct Object Reference (IDOR)
aimeos/ai-controller-frontend is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to a lack of proper access control and authorization checks, allowing attackers to manipulate object references like user IDs without verification...
Insecure Direct Object References
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Insecure Direct Object References due to ‘profileid’ parameter being manipulated to switch to a different post, when attempting to update a profile entry. This allows users to enumerate other...
DEBIAN-CVE-2024-46866
In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in showmeminfo bomeminfo wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab...
Simbarashe Financial Services 2.9.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : Simbarashe Financial Services v2.9.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...
SchoolPlus 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : SchoolPlus v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor...
Authorization Bypass Through User-Controlled Key
Overview aimeos/ai-controller-frontend is an Aimeos business controller logic for frontend Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the account profile page. An attacker can manipulate account details and disable subscriptions an...
CVE-2024-39319
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...