4391 matches found

CNVD
added 2021/07/05 12:00 a.m. · 17 views

Sourcecodester Phone Shop Sales Management System has an unspecified vulnerability

SourceCodester Phone Shop Sales Managements System is a PHP project by SourceCodester, Inc. to manage phone store sales transactions. A security vulnerability exists in Sourcecodester Phone Shop Sales Managements System, which stems from the fact that Sourcecodester Phone Shop Sales Managements...

CVSS 4.3 · AI score 1.4 · EPSS 0.00124
Exploits 1 · References 1

OSV
added 2021/07/01 2:15 p.m. · 1 view

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference IDOR. Any attacker will be able to see the invoices of different users by changing the id parameter...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 1

NVD
added 2021/07/01 2:15 p.m. · 8 views

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference IDOR. Any attacker will be able to see the invoices of different users by changing the id parameter...

CVSS 4.3 · EPSS 0.00124
Exploits 1 · References 1

Prion
added 2021/07/01 2:15 p.m. · 13 views

Design/Logic Flaw

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference IDOR. Any attacker will be able to see the invoices of different users by changing the id parameter...

CVSS 4 · AI score 4.6 · EPSS 0.00124
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2021/07/01 1:15 p.m. · 11 views

CVE-2021-35337

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference IDOR. Any attacker will be able to see the invoices of different users by changing the id parameter...

AI score 4.9 · EPSS 0.00124
Exploits 1 · References 1

CVE
added 2021/07/01 1:15 p.m. · 54 views

CVE-2021-35337

SourceCodester Phone Shop Sales Management System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). The root cause is improper access control that lets an attacker change the id parameter to view invoices of other users. Reported across multiple sources (NVD entry CVE-2021-35337; CNVD...

CVSS 4.3 · AI score 4.5 · EPSS 0.00124
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2021/07/01 12:00 a.m. · 4 views

Sourcecodester Phone Shop Sales Managements System security vulnerability

SourceCodester Phone Shop Sales Managements System is a PHP project by SourceCodester, Inc. to manage phone store sales transactions. A security vulnerability exists in Sourcecodester Phone Shop Sales Managements System, which stems from the fact that Sourcecodester Phone Shop Sales Managements...

CVSS 4.3 · AI score 5.6 · EPSS 0.00124
Exploits 1 · References 2

0day.today
added 2021/06/22 12:00 a.m. · 34 views

Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR) Vulnerability

Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference IDOR Exploit Author: Pratik Khalane Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version: 1.0 Tested on:...

Exploits 0

OSV
added 2021/06/10 3:15 p.m. · 1 view

CVE-2021-31927

An Insecure Direct Object Reference IDOR vulnerability in Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2

CVE
added 2021/06/10 2:58 p.m. · 33 views

CVE-2021-31927

CVE-2021-31927 describes an Insecure Direct Object Reference (IDOR) in Annex Cloud Loyalty Experience Platform versions earlier than 2021.1.0.1, allowing any authenticated user to modify existing users across environments/clients. The issue is fixed in 2021.1.0.2. Affected component: Annex Cloud ...

CVSS 4.3 · AI score 4.5 · EPSS 0.00172
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2021/06/01 12:00 a.m. · 1 view

PT-2021-15855 · WordPress · Listeo

Name of the Vulnerable Software and Affected Versions: Listeo WordPress theme versions prior to 1.6.11 Description: The issue allows any authenticated users to delete arbitrary pages/posts and bookings via an IDOR vector because it does not ensure that the post/page and booking to be deleted belo...

CVSS 6.5 · AI score 6.4 · EPSS 0.00392
Exploits 2 · References 7

CNNVD
added 2021/06/01 12:00 a.m. · 1 view

WordPress plugin access control error vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. Listeo WordPress has a security vulnerability before...

CVSS 6.5 · AI score 5.8 · EPSS 0.00392
Exploits 2 · References 2

Github Security Blog
added 2021/05/10 6:37 p.m. · 41 views

Prototype pollution in json-pointer

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

CVSS 7.2 · AI score 7.1 · EPSS 0.01029
Exploits 1 · References 7 · Affected Software 2

ALT Linux
added 2021/04/14 12:00 a.m. · 22 views

Security fix for the ALT Linux 9 package glpi version 9.5.4-alt1

9.5.4-alt1 built April 14, 2021 Pavel Zilke in task 269862 March 31, 2021 Pavel Zilke - New version 9.5.4 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-21326 : Horizontal Privilege Escalation + CVE-2021-21255 : entities switch IDOR + CVE-2021-21258 : XSS...

CVSS 5 · AI score 6 · EPSS 0.00508
Exploits 5

Packet Storm
added 2021/03/19 12:00 a.m. · 296 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insecure Direct Object Reference

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Improper Access Control IDOR Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

AI score 7.4
Exploits 0

NVD
added 2021/03/08 5:15 p.m. · 14 views

CVE-2021-21324

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...

CVSS 6.8 · EPSS 0.00312
Exploits 1 · References 3

OSV
added 2021/03/08 5:15 p.m. · 24 views

CVE-2021-21324

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...

CVSS 6.5 · AI score 6.8
Exploits 0 · References 3

OSV
added 2021/03/08 5:15 p.m. · 2 views

UBUNTU-CVE-2021-21324

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...

CVSS 6.8 · AI score 7.1 · EPSS 0.00312
Exploits 1 · References 5

Cvelist
added 2021/03/08 5:00 p.m. · 18 views

CVE-2021-21324 Insecure Direct Object Reference (IDOR) on "Solutions"

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...

CVSS 6.8 · AI score 6.8 · EPSS 0.00312
Exploits 1 · References 3

Positive Technologies
added 2021/03/08 12:00 a.m. · 3 views

PT-2021-14421 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue concerns an Insecure Direct Object Reference IDOR on "Solutions" in GLPI. This allows an unauthorized user to enumerate GLPI items names, including users' logins, using the knowbase search...

CVSS 10 · AI score 6.2 · EPSS 0.94395
Exploits 32 · References 127