
4391 matches found

CNNVD
added 2021/01/04 12:00 a.m., 2 views

IBM Cloud Pak System Code Issue Vulnerability

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM (United States). An information disclosure vulnerability exists in IBM Cloud Pak System 2.3. The vulnerability originates from an insecure direct object reference in the Sales and Service Consol...

CVSS 4.4, AI score 6, EPSS 0.0004
Exploits 0, References 3
IBM Security Bulletins
added 2021/01/02 8:42 a.m., 18 views

Security Bulletin: Vulnerabilities have been addressed in IBM Cloud Pak System (Dec 2020)

Summary: Multiple vulnerabilities have been identified and addressed in IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2020-4928. DESCRIPTION: IBM Cloud Pak System could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension...

CVSS 8.8, AI score 0.3, EPSS 0.00309
Exploits 0, Affected Software 1
ATTACKERKB
added 2021/01/02 12:00 a.m., 2 views

CVE-2020-4918

IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in the self service console for the Platform System Manager. IBM X-Force ID: 191392...

CVSS 4.4, AI score 5.2, EPSS 0.0004
Exploits 0, References 3, Affected Software 1
OSV
added 2020/12/30 8:15 p.m., 2 views

CVE-2020-35737

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...

CVSS 7.5, AI score 7.1
Exploits 0, References 3
Prion
added 2020/12/30 8:15 p.m., 12 views

Design/Logic Flaw

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...

CVSS 5, AI score 7.4, EPSS 0.10844
Exploits 3, References 3, Affected Software 1
Cvelist
added 2020/12/30 7:39 p.m., 13 views

CVE-2020-35737

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...

AI score 7.4, EPSS 0.10844
Exploits 3, References 3
CNNVD
added 2020/12/30 12:00 a.m., 2 views

Newgen eGov Correspondence Management System Security Vulnerability

Newgen eGov Correspondence Management System is correspondence management software for office environments from Newgen. A security vulnerability exists in the Newgen eGov 12.0 Correspondence Management System, which can be exploited by an attacker to modify another user's personal information...

CVSS 7.5, AI score 5.7, EPSS 0.10844
Exploits 3, References 5
Hacker One
added 2020/12/28 10:56 p.m., 196 views

h1-ctf: Hacky Holidays Writeup

On December 12th, 2020, the CTF went live, and the scope that we were allowed to attack was: In Scope Domain - hackyholidays.h1ctf.com. Our main motive was to infiltrate his network and take him down. The challenges appeared one by one until the 24th of December. Here we will be going through all the...

AI score 6.9
Exploits 0
Hacker One
added 2020/12/25 9:50 a.m., 43 views

Stripe: GraphQL cross-tenant IDOR giving write access through the operation UpdateAtlasApplicationPerson

@bubbounty discovered an Insecure Direct Object Reference (IDOR) vulnerability that allowed someone with prior Admin access to a Stripe account to add a co-founder to a Stripe Atlas application belonging to the merchant account they used to administer. The issue has been addressed by only allowing...

AI score 6.9
Exploits 0
Hacker One
added 2020/12/23 9:04 p.m., 93 views

h1-ctf: Stopping Grinch from ruining XMas!

Hello, gonna just submit the flags first, then will send my write-up later tomorrow. flag1: flag48104912-28b0-494a-9995-a203d1e261e7 https://hackyholidays.h1ctf.com/robots.txt (recon revealing hidden endpoint) flag2: flagb7ebcb75-9100-4f91-8454-cfb9574459f7 https://hackyholidays.h1ctf.com/s3cr3t-ar3a...

Exploits 0
CNVD
added 2020/12/15 12:00 a.m., 1 view

Zyxel P1302-T10 Code Issue Vulnerability

The Zyxel P1302-T10 is a modem device from the Taiwanese vendor Zyxel. A security vulnerability exists in Zyxel's P1302-T10 v3, which stems from an insecure direct object reference vulnerability that can be exploited by an attacker to gain privileges and access to certain administrative pages...

CVSS 7.5, AI score 7.2, EPSS 0.00276
Exploits 0, References 1
Prion
added 2020/12/14 8:15 p.m., 12 views

Design/Logic Flaw

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00ABBX.3 and earlier allows attackers to gain privileges and access certain admin pages...

CVSS 5, AI score 7.7, EPSS 0.00276
Exploits 0, References 1, Affected Software 1
CVE
added 2020/12/14 7:42 p.m., 40 views

CVE-2020-20183

CVE-2020-20183 affects Zyxel P1302-T10 v3 (firmware

CVSS 7.5, AI score 7.6, EPSS 0.00276
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2020/12/14 12:00 a.m., 27 views

FreeBSD : glpi -- Insecure Direct Object Reference on ajax/comments.ph (190176ce-3b3a-11eb-af2a-080027dbe4b7)

MITRE Corporation reports: In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.). © Tenable Network Security, Inc. The descriptive text and package checks ...

CVSS 4.3, AI score 5.7, EPSS 0.00231
Exploits 0, References 3
Tenable Nessus
added 2020/12/14 12:00 a.m., 29 views

FreeBSD : glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php (695b2310-3b3a-11eb-af2a-080027dbe4b7)

MITRE Corporation reports: In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). © Tenable Network Security, Inc. The descriptive text and package checks in this...

CVSS 4.3, AI score 5.7, EPSS 0.00231
Exploits 0, References 3
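The Newgen eGov entries above (an unvalidated UserIndex choosing whose profile gets edited) and the two GLPI entries (an itemType or table name taken straight from the request) are the two shapes an insecure direct object reference usually takes. The following is an added, self-contained illustration written for this page; it is not code from Newgen, GLPI or any product listed here. The handler names, the in-memory users and tables, the roles and the allowlist are all constructed. Each vulnerable handler sits beside a hardened one that authorizes the requested object against the authenticated caller instead of trusting the client-supplied reference.

```python
from copy import deepcopy


class Forbidden(Exception):
    """Raised by the hardened handlers when the caller may not touch the object."""


# Constructed sample data: two ordinary users and one administrator.
USERS = {
    1: {"name": "alice", "email": "alice@example.invalid", "role": "user"},
    2: {"name": "bob", "email": "bob@example.invalid", "role": "user"},
    3: {"name": "carol", "email": "carol@example.invalid", "role": "admin"},
}

# Constructed backing tables behind a dropdown endpoint; the last two hold
# data an ordinary user has no business reading.
TABLES = {
    "Ticket": ["T-1", "T-2"],
    "Category": ["Hardware", "Software"],
    "User": ["alice", "bob", "carol"],
    "Profile": ["Self-Service", "Super-Admin"],
}

# Constructed allowlist: which item types each role may read via the dropdown.
READABLE_ITEMTYPES = {
    "user": {"Ticket", "Category"},
    "admin": set(TABLES),
}


def update_profile_vulnerable(db, session_user_id, user_index, new_email):
    """IDOR in the shape of the Newgen entry: the request's UserIndex picks the
    row and the authenticated user (session_user_id) is never consulted."""
    db[user_index]["email"] = new_email
    return db[user_index]


def update_profile_hardened(db, session_user_id, user_index, new_email):
    """Object-level authorization: the target row must be the caller's own,
    unless the caller holds a role explicitly allowed to edit other users."""
    caller_role = db[session_user_id]["role"]
    if user_index != session_user_id and caller_role != "admin":
        # Deny before touching the row, and do not reveal whether it exists.
        raise Forbidden(f"user {session_user_id} may not edit profile {user_index}")
    db[user_index]["email"] = new_email
    return db[user_index]


def dropdown_vulnerable(tables, session_user_id, itemtype):
    """IDOR in the shape of the GLPI entries: itemType from the request selects
    the table directly, so every table the application can reach is readable."""
    return tables[itemtype]


def dropdown_hardened(tables, db, session_user_id, itemtype):
    """The client value is only ever a key into a per-role allowlist."""
    role = db[session_user_id]["role"]
    if itemtype not in READABLE_ITEMTYPES[role]:
        raise Forbidden(f"role {role!r} may not read item type {itemtype!r}")
    return tables[itemtype]


def demo():
    """Replay the attack as user 1 against user 2's profile and the Profile
    table, through both variants; returns what each variant let through."""
    out = {}

    db = deepcopy(USERS)
    update_profile_vulnerable(db, 1, 2, "attacker@example.invalid")
    out["vulnerable_profile_email"] = db[2]["email"]

    db = deepcopy(USERS)
    try:
        update_profile_hardened(db, 1, 2, "attacker@example.invalid")
        out["hardened_profile_blocked"] = False
    except Forbidden:
        out["hardened_profile_blocked"] = db[2]["email"] == USERS[2]["email"]

    out["vulnerable_dropdown"] = dropdown_vulnerable(TABLES, 1, "Profile")
    try:
        dropdown_hardened(TABLES, db, 1, "Profile")
        out["hardened_dropdown_blocked"] = False
    except Forbidden:
        out["hardened_dropdown_blocked"] = True

    # The legitimate paths still work: self-edit, admin edit, allowed read.
    out["self_edit"] = update_profile_hardened(db, 1, 1, "alice.new@example.invalid")["email"]
    out["admin_edit"] = update_profile_hardened(db, 3, 2, "bob.new@example.invalid")["email"]
    out["allowed_read"] = dropdown_hardened(TABLES, db, 1, "Ticket")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to replay the attacker scenario. The two hardened handlers make the same point in different ways: a client-supplied identifier is used only after it has been checked against the session, and a client-supplied type or table name is treated as a lookup key into a fixed, role-scoped allowlist rather than passed to the data layer. The same ownership check, keyed on the tenant the caller currently administers instead of the user id, is what the cross-tenant case in the Stripe entry above calls for.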
CNNVD
added 2020/12/14 12:00 a.m., 3 views

Zyxel P1302-T10 Code Issue Vulnerability

The Zyxel P1302-T10 is a modem device from the Taiwanese vendor Zyxel. A security vulnerability exists in Zyxel's P1302-T10 v3, which stems from an insecure direct object reference vulnerability that can be exploited by an attacker to gain privileges and access to certain administrative pages...

CVSS 7.5, AI score 7.1, EPSS 0.00276
Exploits 0, References 2
Packet Storm
added 2020/12/09 12:00 a.m., 464 views

Employee Performance Evaluation System 1.0 Insecure Direct Object Reference

Exploit Title: Employee Performance Evaluation System 1.0 - Able to delete Admin user from Local account (Unauthenticated Insecure Direct Object Reference, IDOR). Date: 09/12/2020. Exploit Author: Manish Solanki. Vendor Homepage: https://www.sourcecodester.com. Software Link: ...

AI score 7.4
Exploits 0
Packet Storm
added 2020/12/03 12:00 a.m., 523 views

Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR. Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net | https://pro-bravia.sony.net/resources/software/bravia-signage/ | https://pro.sony/ueUS/products/display-software. Affected version: <=1.7.8. Summary: Sony'...

AI score 7.4
Exploits 0
CNVD
added 2020/11/27 12:00 a.m., 1 view

GLPI Insecure Direct Object Reference Vulnerability

GLPI is open source IT and asset management software from individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVSS 4.3, AI score 6.7, EPSS 0.00231
Exploits 0, References 1
CNVD
added 2020/11/27 12:00 a.m., 2 views

GLPI Insecure Direct Object Reference Vulnerability (CNVD-2020-67631)

GLPI is open source IT and asset management software from individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVSS 4.3, AI score 6.7, EPSS 0.00231
Exploits 0, References 1