4398 matches found

CNNVD
added 2021/09/14 12:0 a.m., 2 views

Teamcenter Code Issue Vulnerability

Siemens Teamcenter, a product lifecycle management software application from Siemens, Germany, has a code issue vulnerability: the application contains an insecure direct object reference (IDOR) vulnerability that an attacker could exploit to directly access object...

CVSS 8.8, AI score 5.7, EPSS 0.00395
Exploits 0, References 2
Packet Storm
added 2021/09/10 12:0 a.m., 172 views

ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference

ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECO...

AI score 7.4
Exploits 0
0day.today
added 2021/09/10 12:0 a.m., 189 views

ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference

ECOA building automation systems suffer from authorization bypass and insecure direct object reference vulnerabilities. Many versions are affected. ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version...

AI score 0.4
Exploits 0
Exploit DB
added 2021/09/06 12:0 a.m., 238 views

OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)

Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference IDOR Date: 31/08/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://www.open-emr.org Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: 6.0.0 Tested on: Linux CVE : CVE-2021-4035...

CVSS 6.5, AI score 6.5, EPSS 0.04642
Exploits 4
0day.today
added 2021/09/06 12:0 a.m., 139 views

OpenEMR 6.0.0 - (noteid) Insecure Direct Object Reference Vulnerability

Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference IDOR Exploit Author: Allen Enosh Upputori Vendor Homepage: https://www.open-emr.org Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: 6.0.0 Tested on: Linux CVE : CVE-2021-40352 How to Reproduc...

CVSS 6.5, EPSS 0.04642
Exploits 4
Packet Storm
added 2021/09/06 12:0 a.m., 170 views

Bus Pass Management System 1.0 Insecure Direct Object Reference

Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references IDOR Date: 2021-09-05 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...

AI score 7.4
Exploits 0
OSV
added 2021/09/01 3:15 p.m., 18 views

CVE-2021-36032

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privile...

CVSS 8.8, AI score 6.3
Exploits 0, References 1
OSV
added 2021/09/01 1:15 p.m., 16 views

CVE-2021-40352

OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...

CVSS 6.5, AI score 6.7, EPSS 0.04642
Exploits 4, References 3
NVD
added 2021/09/01 1:15 p.m., 11 views

CVE-2021-40352

OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...

CVSS 6.5, EPSS 0.04642
Exploits 4, References 3
Prion
added 2021/09/01 1:15 p.m., 12 views

Design/Logic Flaw

OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...

CVSS 4, AI score 6.3, EPSS 0.04642
Exploits 4, References 3, Affected Software 1
Cvelist
added 2021/09/01 12:20 p.m., 15 views

CVE-2021-40352

OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...

AI score 6.6, EPSS 0.04642
Exploits 4, References 3
CVE
added 2021/09/01 12:20 p.m., 95 views

CVE-2021-40352

OpenEMR 6.0.0 is affected by CVE-2021-40352 due to an insecure direct object reference in pnotes_print.php?noteid= that allows reading other users’ messages (IDOR). Exploitation PoCs exist (e.g., PoC notes/public exploits show changing noteid to access others’ messages, including admin messages)....

CVSS 6.5, AI score 6.2, EPSS 0.04642
Exploits 4, References 3, Affected Software 1
Packet Storm
added 2021/09/01 12:0 a.m., 174 views

OpenEMR 6.0.0 Insecure Direct Object Reference

Exploit Title: Openemr 6.0.0 - Insecure direct object references Date: 31/8/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://community.open-emr.org Version: 6.0.0 Tested on: Linux CVE: 2021-40352 PoC: An attacker who has Physician Access can read messages which were sent to other...

AI score 6.5, EPSS 0.04642
Exploits 4
NVD
added 2021/08/30 6:15 p.m., 14 views

CVE-2021-22023

The vRealize Operations Manager API 8.x prior to 8.5 has an insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users' information leading to an account takeover...

CVSS 7.2, EPSS 0.00324
Exploits 1, References 1
Prion
added 2021/08/30 6:15 p.m., 18 views

Deserialization of untrusted data

The vRealize Operations Manager API 8.x prior to 8.5 has an insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users' information leading to an account takeover...

CVSS 6.5, AI score 6.8, EPSS 0.00324
Exploits 1, References 1, Affected Software 3
CVE
added 2021/08/30 5:53 p.m., 69 views

CVE-2021-22023

CVE-2021-22023 affects VMware vRealize Operations Manager API (8.x) before 8.5. The vulnerability is an insecure direct object reference that could allow a user with administrative API access to modify other users’ information, potentially enabling account takeover. The available connected source...

CVSS 7.2, AI score 7, EPSS 0.00324
Exploits 1, References 1, Affected Software 3
Cvelist
added 2021/08/30 5:53 p.m., 18 views

CVE-2021-22023

The vRealize Operations Manager API 8.x prior to 8.5 has an insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users' information leading to an account takeover...

AI score 7, EPSS 0.00324
Exploits 1, References 1
OSV
added 2021/08/30 4:14 p.m., 12 views

GHSA-54GP-QFF8-946C Insecure direct object reference of log files of the Import/Export feature

Impact Insecure direct object reference of log files of the Import/Export feature Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6...

CVSS 6.5, AI score 6.4, EPSS 0.00218
Exploits 0, References 4
Github Security Blog
added 2021/08/30 4:14 p.m., 44 views

Insecure direct object reference of log files of the Import/Export feature

Impact Insecure direct object reference of log files of the Import/Export feature Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6...

CVSS 6.5, AI score 6.2, EPSS 0.00218
Exploits 0, References 4, Affected Software 2
CNNVD
added 2021/08/25 12:0 a.m., 3 views

VMware vRealize Operations Code Issue Vulnerability

VMware vRealize Operations is an application from VMware, Inc.: a unified, AI-based platform for private, hybrid and multi-cloud environments that delivers IT operations management on autopilot. A code issue vulnerability exists in VMware vRealize Operations Manager that stems from an unsaf...

CVSS 7.2, AI score 7.4, EPSS 0.00324
Exploits 1, References 3