4405 matches found
CVE-2021-42640
CVE-2021-42640 affects PrinterLogic Web Stack versions 19.1.1.13 SP9 and below. The vulnerability is an Insecure Direct Object Reference (IDOR) that allows an unauthenticated attacker to reassign drivers for any printer. Root cause details indicate improper access control on object references. Im...
PrinterLogic Web Stack Security Vulnerability
PrinterLogic Web Stack PrinterLogic Printer Installer is a native Web application from PrinterLogic USA, Inc., enabling the IT department to manage and automate the creation/propagation of PrinterObjects and printer drivers across print environments from a single management console. PrinterLogic W...
CVE-2022-22828
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string...
CVE-2022-22828
Synametrics SynaMan prior to version 5.0 is affected by CVE-2022-22828 due to an insecure direct object reference in the file-download URL. An attacker can access unshared files by modifying the base64-encoded filename string, enabling remote file disclosure. The vulnerability is exposed via the ...
Synametrics Technologies SynaMan Information Disclosure Vulnerability
Synametrics Technologies SynaMan is a remote file manager from Synametrics Technologies, USA. Synametrics Technologies SynaMan suffers from an information disclosure vulnerability that stems from an insecure direct object reference to a file download URL in SynaMan prior to 5.0. An attacker can...
in livehelperchat/livehelperchat
Description: LiveHelperChat is vulnerable to Insecure Direct Object Reference / IDOR vulnerability. The system's authorization functionality does not prevent one user from deleting another user by modifying the userid identifying the user. Each user has a userid 1,2,3,.... A malicious authorized...
CVE-2021-36329
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...
Design/Logic Flaw
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...
CVE-2021-36329
CVE-2021-36329 affects Dell EMC Streaming Data Platform prior to 1.3, where an Indirect Object Reference vulnerability could let a remote attacker obtain sensitive information. Multiple sources corroborate the impact as disclosure of information via indirect access. The vulnerability is documente...
Dell Emc Streaming Data Platform Security Vulnerability
Dell Emc Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in the Dell Emc Streaming Data Platform that originates from the inclusion of an indirect object reference, which can be exploited by an...
Information Disclosure
concrete5/concrete5 is vulnerable to information disclosure. The vulnerability exists due to an insecure indirect object reference, allowing an attacker to access restricted files by attaching a message to the conversation...
CVE-2021-24892
Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...
Design/Logic Flaw
Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...
CVE-2021-24892
The CVE-2021-24892 issue affects WordPress Advanced Forms (Free & Pro) prior to 1.6.9. Affected component: edit function handling user email updates via insecure direct object reference (IDOR). Root cause: authenticated users can exploit IDOR to modify arbitrary users’ email addresses and trigger...
CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR
Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...
Remote Code Execution (RCE)
moodle/moodle is vulnerable to remote code execution. The vulnerability exists due to an insecure direct object reference, allowing an attacker to fetch other users' calendar action events...
Concrete CMS < 8.5.7 Multiple Vulnerabilities
Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...