CVE-2024-22455

Dell Mobility - E-Lab Navigator, versions 3.1.9, 3.2.0, contains an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks...

CVE-2024-22455

Dell Mobility - E-Lab Navigator (versions 3.1.9 and 3.2.0) contains an Authorization Bypass Through User-Controlled Key vulnerability. Multiple connected sources describe an Insecure Direct Object Reference in Feedback submission that could allow an unauthenticated, locally positioned attacker to...

CVE-2024-22455

Dell Mobility - E-Lab Navigator, versions 3.1.9, 3.2.0, contains an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks...

PT-2024-19434 · Dell · Dell Mobility - E-Lab Navigator

Name of the Vulnerable Software and Affected Versions: Dell Mobility - E-Lab Navigator versions 3.1.9 through 3.2.0 Description: The issue allows an unauthenticated attacker with local access to potentially exploit the vulnerability, leading to the launch of phishing attacks. It is related to an...

CVE-2023-49339

Ellucian Banner 9.17 allows Insecure Direct Object Reference IDOR via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...

CVE-2023-49339

Ellucian Banner 9.17 allows Insecure Direct Object Reference IDOR via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...

Design/Logic Flaw

Ellucian Banner 9.17 allows Insecure Direct Object Reference IDOR via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...

Ellucian Security Breach

Ellucian is Ellucian's open and flexible technology ecosystem supporting SaaS. A security vulnerability exists in Ellucian Banner version 9.17 and earlier, which stems from an insecure direct object reference IDOR vulnerability in the endpoint /StudentSelfService/ssb/studentCard/retrieveData...

CVE-2023-49339

CVE-2023-49339 affects Ellucian Banner 9.17 (and earlier per sources) with an Insecure Direct Object Reference (IDOR) via a modified bannerId to /StudentSelfService/ssb/studentCard/retrieveData. Root cause: IDOR enabling potential unauthorized data access; CVSS 3.1 base score 6.5 (MEDIUM) with Co...

CVE-2023-49339

Ellucian Banner 9.17 allows Insecure Direct Object Reference IDOR via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...

CVE-2023-49339

Ellucian Banner 9.17 allows Insecure Direct Object Reference IDOR via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...

PT-2024-13730 · Ellucian · Ellucian Banner

Name of the Vulnerable Software and Affected Versions: Ellucian Banner version 9.17 Description: The issue allows Insecure Direct Object Reference IDOR via a modified bannerId to the "/StudentSelfService/ssb/studentCard/retrieveData" endpoint. This means an attacker could potentially access...

CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

Input validation

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

CVE-2024-0366

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...

Input validation

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...

CVE-2024-0366

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...

CVE-2023-6983

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it possible fo...

CVE-2023-6983

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it possible fo...