CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

CVE-2022-29008

An insecure direct object reference IDOR vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information...

CVE-2022-29008

An insecure direct object reference IDOR vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information...

PT-2022-13821 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: Gitlab EE/CE versions 11.0 through 14.8.5 Gitlab EE/CE versions 14.9 through 14.9.3 Gitlab EE/CE versions 14.10 through 14.10.0 Description: The issue is related to an insecure direct object reference vulnerability. This vulnerability may all...

Bus Pass Management System 安全漏洞

Bus Pass Management System is a bus pass management system. version 1.0 of Bus Pass Management System is vulnerable to an insecure direct object reference vulnerability that stems from the viewid parameter failing to check user permissions on all target object accesses. An attacker could exploit...

LMS Doctor 2 Factor Authentication for Moodle 安全漏洞

LMS Doctor 2 Factor Authentication for Moodle is a Moodle plugin for secondary authentication from LMS Doctor. A security vulnerability exists in LMS Doctor 2 Factor Authentication for Moodle that stems from the presence of an insecure direct object reference IDOR. A remote attacker could exploit...

Design/Logic Flaw

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin although this cannot happen according to the documentation via Insecure Direct Object Reference IDOR vulnerability...

Tyler Technologies Tyler Odyssey信息泄露漏洞

Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, Inc. An information disclosure vulnerability exists in versions of Tyler Technologies Tyler Odyssey prior to 17.1.20, which stems from an insecure direct object reference issue in the platform. An...

CVE-2022-26665

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...

Design/Logic Flaw

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...

CVE-2022-26665

Tyler Odyssey Portal (before 17.1.20) is affected by CVE-2022-26665 due to an Insecure Direct Object Reference (IDOR) vulnerability in what appears to be the platform’s handling of case records. The issue could allow an external party to access sensitive case records. Connected sources confirm th...

Tyler Technologies Tyler Odyssey 安全漏洞

Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, Inc. An information disclosure vulnerability exists in versions of Tyler Technologies Tyler Odyssey prior to 17.1.20, which stems from an insecure direct object reference issue in the platform. An...

PT-2022-17995 · Tyler · Tyler Odyssey Portal

Name of the Vulnerable Software and Affected Versions: Tyler Odyssey Portal platform versions prior to 17.1.20 Description: An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform. This may allow an external party to access sensitive case records. Recommendations: Fo...

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

Design/Logic Flaw

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

VulnCheck KEV: CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...

MTN Group: Unprotected Direct Object Reference

Hello MTN Security Team, During my hunting, I discovered that there's an Insecure Direct Object Reference on https://nin.mtnonline.com Vulnerable Path: https://nin.mtnonline.com/nin/success?message=1 Steps To Reproduce: You may not even require to submit any NIN before accessing this unprotected...