CVE-2022-42067
CVE-2022-42067 concerns an Insecure Direct Object Reference (IDOR) vulnerability in the Online Birth Certificate Management System version 1.0. The available documents identify the affected product and vulnerability class but do not provide deeper root-cause details, exploit vectors, or explicit ...
CVE-2022-2828
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability...
PT-2022-18934 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server (affected versions not specified). Description: The issue allows revealing information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability. Recommendations: At the moment, there is no information...
Online Birth Certificate Management System 1.0 Insecure Direct Object Reference
Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR). Google Dork: N/A. Date: 2022-9-27. Exploit Author: yousef alraddadi - https://twitter.com/y0usef11. Vendor Homepage:...
Account Takeover (ATO)
Pageflow is vulnerable to account takeover (ATO). An insecure direct object reference is possible due to improper restriction of the user membership base object. An attacker with the manager role can modify any user's memberships, resulting in account takeover...
CVE-2022-38789
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...
CVE-2022-38789
CVE-2022-38789 affects Airties Smart Wi‑Fi devices released before 2020-08-04. The issue stems from an Insecure Direct Object Reference that lets an attacker change the main/guest SSID and PSK to arbitrary values and map the LAN. Multiple sources (NVD/Red Hat entry, CN/PRION/PTSecurity summaries)...
GHSA-QCQV-38JG-2R43 Pageflow vulnerable to insecure direct object reference in membership update endpoint
Impact: Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account for which they hold the manager role, including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...
Airties Smart Wi-Fi security vulnerability
Airties Smart Wi-Fi is a series of Wi-Fi extenders from Airties Turkey. A security vulnerability exists in Airties Smart Wi-Fi versions prior to 2020-08-04, which stems from an insecure direct object reference...
PT-2022-24568 · Airties · Airties Smart Wi-Fi
Name of the Vulnerable Software and Affected Versions: Airties Smart Wi-Fi versions prior to 2020-08-04 Description: The issue allows attackers to change the main/guest SSID and the PSK to arbitrary values and map the LAN due to Insecure Direct Object Reference. Recommendations: For versions prio...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
Squiz Matrix security vulnerability
Squiz Matrix is a web CMS from Squiz, Inc. that helps digital marketers create and publish content while building websites without deep technical skills. A security vulnerability exists in Squiz Matrix CMS version 6.20, which stems from an insecure direct object reference vulnerability when it...
CVE-2022-32277
Affected product: Squiz Matrix CMS 6.20. Vulnerability: Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user’s contact details. Impact (as stated): Confidentiality: None; Integrity: Low; Availability: None. Root cause / ...
Rockstar Games: Modifying Sprunk vs eCola crew data
In this report, the researcher demonstrated an Insecure Direct Object Reference vulnerability that was exploitable in certain Rockstar Official Crews on the Social Club website. Rockstar Official Crews, unlike user-made Crews, use a flat hierarchy where all members are set to the same effective...
CVE-2022-34621
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...
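Several of the entries above (the Mealie userid parameter, the Squiz Matrix contact-details request, the Pageflow membership update) describe the same defect: the server selects the object from a client-supplied identifier and never checks whether the session principal is allowed to act on that object. The following Python is an added example, not code from any of the listed projects or advisories. The User and Request types, the sample user store, the may_modify rule and the idor_probe helper are all constructed for illustration; the probe generalises the "change another user's password by changing the id" test to any handler with the same shape.

```python
import copy
from dataclasses import dataclass


@dataclass
class User:
    id: int
    email: str
    password: str
    role: str = "user"  # "user" or "admin" (constructed roles)


@dataclass
class Request:
    session_user_id: int  # principal bound to the session cookie/token
    params: dict          # client-controlled body/query parameters


class NotAuthorized(Exception):
    pass


class NotFound(Exception):
    pass


def sample_store() -> dict:
    """Constructed sample data; returns a fresh copy so handlers can mutate it."""
    return copy.deepcopy({
        1: User(1, "alice@example.test", "alice-pw"),
        2: User(2, "bob@example.test", "bob-pw"),
        3: User(3, "root@example.test", "root-pw", role="admin"),
    })


def update_user_vulnerable(req: Request, store: dict) -> User:
    """IDOR: the target object comes straight from the client-supplied 'userid'.
    The session is checked only for 'is someone logged in', never for
    'may this principal modify this object'."""
    if req.session_user_id not in store:
        raise NotAuthorized("login required")
    target = store.get(int(req.params["userid"]))
    if target is None:
        raise NotFound(req.params["userid"])
    if "password" in req.params:
        target.password = req.params["password"]
    if "email" in req.params:
        target.email = req.params["email"]
    return target


def may_modify(principal: User, target: User) -> bool:
    """Server-side object-level authorization: owner or admin (constructed rule)."""
    return principal.id == target.id or principal.role == "admin"


def update_user_hardened(req: Request, store: dict) -> User:
    """Same endpoint with the missing check: the decision is made against the
    session principal, and a missing 'userid' defaults to the caller's own record."""
    principal = store.get(req.session_user_id)
    if principal is None:
        raise NotAuthorized("login required")
    target = store.get(int(req.params.get("userid", principal.id)))
    if target is None:
        raise NotFound(req.params.get("userid"))
    if not may_modify(principal, target):
        raise NotAuthorized(f"user {principal.id} may not modify user {target.id}")
    if "password" in req.params:
        target.password = req.params["password"]
    if "email" in req.params:
        target.email = req.params["email"]
    return target


def idor_probe(handler, session_user_id: int, candidate_ids, store: dict) -> list:
    """Tester's check: from one session, try to set the password of every
    candidate id and report which ids actually changed."""
    hits = []
    for uid in candidate_ids:
        req = Request(session_user_id, {"userid": str(uid), "password": "pwned"})
        try:
            handler(req, store)
        except (NotAuthorized, NotFound):
            continue
        if store[uid].password == "pwned":
            hits.append(uid)
    return hits


if __name__ == "__main__":
    # Alice (id 1, plain user) tries ids 1..3 against both handlers.
    print("vulnerable:", idor_probe(update_user_vulnerable, 1, range(1, 4), sample_store()))  # [1, 2, 3]
    print("hardened:  ", idor_probe(update_user_hardened, 1, range(1, 4), sample_store()))    # [1]
```

Run as-is: the probe as the plain user succeeds against every id with the vulnerable handler and only against her own id with the hardened one, while an admin session still passes for all three. The fix is the may_modify decision evaluated server-side against the session principal; unguessable identifiers (UUIDs) slow enumeration but are not an authorization check, and a greyed-out form field, as in the Pageflow entry, is no control at all because the client can send whatever it likes.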