4405 matches found
PT-2023-14197 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.31. Description: The issue allows any visitor to display information about any booking by manipulating the appointment_id query parameter in the thank you page, potentially exposing full name...
memos Authorization Issue Vulnerability
memos is an open source hosted memo center with knowledge management and social features. An authorization vulnerability exists in versions prior to memos 0.9.1, which can be exploited by an attacker to view, update, and delete shortcuts of other users using IDOR...
memos Security Vulnerability
memos is an open source hosted meme center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to delete memos via IDOR...
memos Authorization Issue Vulnerability
memos is an open source hosted meme center with knowledge management and social features. An authorization vulnerability exists in versions prior to memos 0.9.1, which can be exploited by an attacker to archive any post public/private using IDOR...
memos Access Control Error Vulnerability
memos is an open source hosted meme center with knowledge management and social features. An access control error vulnerability exists in versions of memos prior to 0.9.1, which can be exploited by an attacker to archive victim memos via IDOR...
memos Access Control Error Vulnerability
memos is an open source hosted memo center with knowledge management and social features. An Access Control Error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to obtain all files in any user's resources and delete any file of any user via IDOR...
memos Authorization Issue Vulnerability
memos is an open source hosted memo center with knowledge management and social features. An authorization vulnerability exists in versions of memos prior to 0.9.1, which can be exploited by an attacker to reset any user's API via IDOR...
memos Access Control Error Vulnerability
memos is an open source hosted meme center with knowledge management and social features. An access control error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to IDOR other public and private memos...
BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
The plugin suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter. PoC curl -s...
Telos Alliance Omnia MPX Node Insecure Direct Object Reference Vulnerability
The Telos Alliance Omnia MPX Node is a specialized hardware codec from Telos Alliance, USA. Capable of transmitting or receiving full FM signals at data rates as low as 320 kbps using the Omnia μMPX™ algorithm, it is ideally suited for capacity-limited networks, including IP radios. An insecure...
CVE-2022-3995
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with...
Input validation
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with...
CVE-2022-3995 TeraWallet – For WooCommerce <= 1.4.3 - Insecure Direct Object Reference
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with...
CVE-2022-3995
The CVE-2022-3995 entry concerns the WordPress TeraWallet plugin with insecure direct object reference (IDOR) in versions up to 1.4.3. Root cause: insufficient validation of the user-controlled key in the lock_unlock_terawallet AJAX action, enabling authenticated users with subscriber-level permi...
CVE-2022-43326
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4. allows attackers to arbitrarily change user and Administrator account passwords...
Telos Alliance Omnia MPX Node Security Vulnerability
The Telos Alliance Omnia MPX Node is a specialized hardware codec from Telos Alliance, USA. Capable of transmitting or receiving full FM signals at data rates as low as 320 kbps using the Omnia μMPX™ algorithm, it is ideally suited for capacity-limited networks, including IP radios. An insecure...
WordPress plugin TeraWallet Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An insecure direct object...