Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4391 matches found

NVD
NVDadded 2020/11/26 5:15 p.m.15 views

CVE-2020-27662

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...

4.3CVSS4.4AI score0.00231EPSS
Exploits0References1
OSV
OSVadded 2020/11/26 5:15 p.m.21 views

CVE-2020-27663

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc...

4.3CVSS6.5AI score
Exploits0References1
Prion
Prionadded 2020/11/26 5:15 p.m.18 views

Design/Logic Flaw

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc...

4CVSS4.4AI score0.00231EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCveadded 2020/11/26 5:15 p.m.19 views

CVE-2020-27663

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc...

4.3CVSS6.5AI score0.00231EPSS
Exploits0References3
OSV
OSVadded 2020/11/26 5:15 p.m.0 views

UBUNTU-CVE-2020-27662

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References4
OSV
OSVadded 2020/11/26 5:15 p.m.0 views

UBUNTU-CVE-2020-27663

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any itemType e.g., Ticket, Users, etc...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References4
Cvelist
Cvelistadded 2020/11/26 4:46 p.m.18 views

CVE-2020-27662

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...

4.4AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVDadded 2020/11/26 12:0 a.m.4 views

GLPI 安全漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

4.3CVSS6.4AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVDadded 2020/11/26 12:0 a.m.2 views

GLPI 安全漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

4.3CVSS6.4AI score0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2020/11/26 12:0 a.m.4 views

PT-2020-16755 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.3 Description: The issue affects the ajax/getDropdownValue.php file, presenting an Insecure Direct Object Reference IDOR vulnerability. This allows an attacker to read data from any itemType, such as Ticket or Users...

10CVSS6.3AI score0.94395EPSS
Exploits32References129
ThreatPost
ThreatPostadded 2020/10/29 1:14 p.m.12 views

Bug-Bounty Awards Spike 26% in 2020

Cross-site scripting XSS remained the most impactful vulnerability and thus the one reaping the highest rewards for ethical hackers in 2020 for a second year running, according to a list of top 10 vulnerabilities released on Thursday by HackerOne. The vulnerability — which enables attackers to...

0.1AI score
Exploits0References4
UbuntuCve
UbuntuCveadded 2020/10/28 7:15 p.m.17 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.5CVSS6.7AI score0.00157EPSS
Exploits1References3
Prion
Prionadded 2020/10/28 7:15 p.m.12 views

Security feature bypass

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

4CVSS6.3AI score0.00157EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2020/10/28 7:15 p.m.0 views

UBUNTU-CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.5CVSS6.6AI score0.00157EPSS
Exploits1References4
Cvelist
Cvelistadded 2020/10/28 6:44 p.m.8 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.4AI score0.00157EPSS
Exploits1References2
CVE
CVEadded 2020/10/28 6:44 p.m.41 views

CVE-2020-27742

CVE-2020-27742 affects Citadel WebCit (through version 926) and is an Insecure Direct Object Reference vulnerability that lets an authenticated remote attacker read someone else’s emails via the msg_confirm_move template. The vulnerability is documented across multiple sources (NVD entry and Red ...

6.5CVSS6.3AI score0.00157EPSS
Exploits1References2Affected Software1
FreeBSD
FreeBSDadded 2020/10/22 12:0 a.m.26 views

glpi -- Insecure Direct Object Reference on ajax/comments.ph

MITRE Corporation reports: In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...

4.3CVSS2.6AI score0.00231EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEVadded 2020/10/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-11357

Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution...

9.8CVSS7.7AI score0.93676EPSS
Exploits5References1
NVD
NVDadded 2020/10/05 2:15 p.m.10 views

CVE-2020-8235

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

4.3CVSS0.00135EPSS
Exploits1References2
OSV
OSVadded 2020/10/05 2:15 p.m.12 views

CVE-2020-8235

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

4.3CVSS6.7AI score
Exploits0References2
Rows per page
Query Builder