4405 matches found

Vulnrichment
added 2022/07/20 3:24 p.m. | 5 views

CVE-2022-34150 ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification...

CVSS 7.1 | AI score 7 | EPSS 0.00182
Exploits: 0 | References: 1

Prion
added 2022/07/19 3:15 p.m. | 18 views

Code injection

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVSS 6.5 | AI score 8.2 | EPSS 0.00862
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/07/19 2:7 p.m. | 25 views

CVE-2022-2193

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVSS 7.5 | AI score 8.5 | EPSS 0.00862
Exploits: 0 | References: 1

CVE
added 2022/07/19 2:7 p.m. | 60 views

CVE-2022-2193

HYPR Server contains an Insecure Direct Object Reference (IDOR) in the Device Manager page. Remote authenticated attackers can tamper with parameters to add a FIDO2 authenticator to arbitrary accounts. Affected: HYPR Server versions prior to 6.14.1. Remediation: upgrade to 6.14.1 or later.

CVSS 8.8 | AI score 8.2 | EPSS 0.00862
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/07/19 12:0 a.m. | 2 views

MiCODUS MV720 GPS Security Vulnerability

MiCODUS MV720 GPS is a GPS tracker from MiCODUS Corporation. A security vulnerability exists in the MiCODUS MV720 GPS tracker that originates from an authenticated, insecure direct object reference vulnerability in the main web server on the endpoint and POST parameter "Device ID" that accepts an...

CVSS 6.5 | AI score 7.6 | EPSS 0.00191
Exploits: 0 | References: 4

OSV
added 2022/07/15 8:15 a.m. | 2 views

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

CVSS 5.3 | AI score 5.8 | EPSS 0.00153
Exploits: 0 | References: 1

NVD
added 2022/07/15 8:15 a.m. | 10 views

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

CVSS 5.3 | EPSS 0.00153
Exploits: 0 | References: 1

ATTACKERKB
added 2022/07/15 8:15 a.m. | 3 views

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

CVSS 5.3 | AI score 6.1 | EPSS 0.00153
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2022/07/15 8:15 a.m. | 15 views

Design/Logic Flaw

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

CVSS 5 | AI score 5.2 | EPSS 0.00153
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/07/15 7:40 a.m. | 58 views

CVE-2022-1881

CVE-2022-1881 affects Octopus Server, with an Insecure Direct Object Reference vulnerability that lets a user download Project Exports from a project they don’t have permission to access, limited to projects in the same Space. Practical impact is potential exposure of export data. Remediation gui...

CVSS 5.3 | AI score 5.2 | EPSS 0.00153
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/07/15 7:40 a.m. | 13 views

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

AI score 5.5 | EPSS 0.00153
Exploits: 0 | References: 1

Veracode
added 2022/07/11 9:57 a.m. | 25 views

Insecure Direct Object Reference

idno/known is vulnerable to Insecure Direct Object Reference. The vulnerable getContent and postContent functions in Homepage class in Homepage.php file allow remote authenticated attackers to gain access to certain settings of the admin panel due to the use of createGatekeeper inner function...

CVSS 4.3 | AI score 5.2 | EPSS 0.00189
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2022/07/09 12:0 a.m. | 17 views

GHSA-4V4P-87M3-5423 Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

CVSS 4.3 | AI score 4.6 | EPSS 0.00189
Exploits: 1 | References: 4

GitHub Security Blog
added 2022/07/09 12:0 a.m. | 22 views

Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

CVSS 4.3 | AI score 5.2 | EPSS 0.00189
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2022/07/08 12:15 p.m. | 2 views

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

CVSS 4.3 | AI score 5.8 | EPSS 0.00189
Exploits: 1 | References: 4

Prion
added 2022/07/08 12:15 p.m. | 13 views

Design/Logic Flaw

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

CVSS 4 | AI score 4.7 | EPSS 0.00189
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2022/07/08 11:10 a.m. | 12 views

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

AI score 5 | EPSS 0.00189
Exploits: 1 | References: 3

CVE
added 2022/07/08 11:10 a.m. | 75 views

CVE-2022-30852

Known v1.3.1 contains an Insecure Direct Object Reference (IDOR) in the Known CMS. The vulnerability arises from getContent()/postContent() in the Homepage class (Homepage.php), where createGatekeeper() enables unauthorized access to admin settings, effectively exposing admin-panel configuration ...

CVSS 4.3 | AI score 4.7 | EPSS 0.00189
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2022/07/08 12:0 a.m. | 5 views

Known Security Vulnerability

Known is a social publishing platform open-sourced by Known in the United States. A security vulnerability exists in Known v1.3.1 and below, which stems from the discovery of the inclusion of an unsafe direct object reference IDOR...

CVSS 4.3 | AI score 5.1 | EPSS 0.00189
Exploits: 1 | References: 4

Kitploit
added 2022/07/07 12:30 a.m. | 52 views

CrackQL - GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL...

AI score 6.9
Exploits: 0 | References: 4