4405 matches found
ProLogin 1.9 Insecure Direct Object Reference
==================================================================================================================================== | Title : ProLogin V1.9 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
CVE-2023-1889
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listingtask function. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-1889
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listingtask function. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-1889
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listingtask function. This makes it possible for authenticated attackers, with subscriber-level...
Authorization
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listingtask function. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-1889
The Directorist WordPress plugin (versions up to and including 7.5.4) is affected by an Insecure Direct Object Reference in the listing_task function. The issue arises from insufficient validation/authorization, enabling authenticated users with subscriber-level permissions and higher to delete a...
CVE-2023-1889 Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listingtask function. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-1889 Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listingtask function. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Directorist 7.5.4 Insecure Direct Object Reference / Privilege Escalation Vulnerabilities
Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in...
Critical Security Update: Directorist WordPress Plugin Patches Two High-risk Vulnerabilities
Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in...
FreeBSD : Kanboard -- Multiple vulnerabilities (bfca647c-0456-11ee-bafd-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bfca647c-0456-11ee-bafd-b42e991fc52e advisory. - Kanboard is open source project management software that focuses on the Kanban methodology...
Unable to install Citrix FAS - Error ID: XDMI:EA63CDB6
Unable to install Citrix FAS 2209 on Microsoft server 2019 with error message : Error ID: XDMI:EA63CDB6 - Object reference not set to an instance of an object...
DEBIAN-CVE-2023-33956
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference IDOR vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any...
CVE-2023-33956
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference IDOR vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any...
CVE-2023-33956 Parameter based Indirect Object Referencing leading to private file exposure in Kanboard
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference IDOR vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any...
CVE-2023-33956
The CVE-2023-33956 entry affects Kanboard before 1.2.30, with an IDOR in a URL parameter that lets any authenticated user read files uploaded by others (under /files), enabling unauthorized disclosure of sensitive documents. The vulnerability stems from insecure direct object reference without pr...
PT-2023-24596 · Kanboard · Kanboard
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.30 Description: The issue is related to an Insecure direct object reference IDOR vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any other...
Kanboard 信息泄露漏洞
Kanboard is a suite of open source visual task board software. The software has the ability to customize the panels according to the business. An information disclosure vulnerability exists in Kanboard versions prior to 1.2.30, which stems from an insecure direct object reference IDOR vulnerabili...
Shop Beat Media Player 安全漏洞
Shop Beat is a media player from Shop Beat, Inc. A security vulnerability exists in Shop Beat Media Player versions 2.5.95 through 3.2.57 that stems from vulnerability to insecure direct object reference attacks...
PT-2023-13465 · Unknown · Shop Beat Media Player
Name of the Vulnerable Software and Affected Versions: Shop Beat Media Player versions 2.5.95 through 3.2.57 Description: The issue concerns an Insecure Direct Object Reference IDOR vulnerability. It is exploited via the controlpanel.shopbeat.co.za endpoint. Recommendations: For versions 2.5.95...