Nextcloud Server 17.x < 17.0.5, 18.x < 18.0.3 Insecure Direct Object Reference Vulnerability (NC-SA-2020-018)
Nextcloud Server is prone to an insecure direct object reference vulnerability due to a missing ownership check on remote wipe endpoint.
CVE-2020-8154
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint...
Design/Logic Flaw
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint...
CVE-2020-8154
CVE-2020-8154 is an Insecure Direct Object Reference in Nextcloud Server (noted against 18.0.x) that allowed an attacker to remotely wipe other users’ devices via a crafted request to the affected endpoint. Publicly referenced advisories (openSUSE/OpenSUSE-SU-2020:0670-1 and openSUSE-670) associa...
Topcoder: IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter
Hi : On https://apps.topcoder.com/wiki/users/viewmydrafts.action, you can see your drafts, edit or delete them. Users can delete their own drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action?discardDraftId=. But there is no check and an attacker can change discardDraftId and delete...
Subex ROC Partner Settlement Insecure Direct Object Reference (IDOR) Vulnerability
Subex ROC Partner Settlement is a scalable partner management platform from Subex India. The platform supports features such as billing and revenue management. A security vulnerability exists in the Change Password feature in Subex ROC Partner Settlement version 10.5. The vulnerability can be...
CVE-2020-9384
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...
PT-2020-20625 · Subex · Subex Roc Partner Settlement
Name of the Vulnerable Software and Affected Versions: Subex ROC Partner Settlement version 10.5 Description: An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature allows remote authenticated users to achieve account takeover via manipulation of POST parameters. Th...
CVE-2020-11589
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...
Design/Logic Flaw
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...
CVE-2020-11589
CIPPlanner CIPAce 9.1 Build 2019092801 is affected by an Insecure Direct Object Reference information-disclosure vulnerability (CVE-2020-11589). An unauthenticated attacker can issue a GET request to a URL and access data that should be restricted to authenticated users. CVSSv3.1 vector and base ...
WordPress Auth0 Insecure Direct Object Reference Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Auth0 versions prior to 4.0.0. The vulnerability can be exploited...
CVE-2020-7948
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...
Design/Logic Flaw
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference...
CVE-2020-7948
The CVE-2020-7948 entry describes an insecure direct object reference in the WordPress Login by Auth0 plugin prior to version 4.0.0. Affected component: the WordPress plugin, specifically the authentication/login handling. Root cause: insecure direct object reference (no details provided). Impact...