4391 matches found
GitLab EE Insecure Direct Object Reference Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is GitLab Enterprise Edition. GitLab EE 11.3 - 12.5 suffers from an insecure direct object...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
Design/Logic Flaw
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
CVE-2019-19259
CVE-2019-19259 refers to a vulnerability in GitLab Enterprise Edition (EE) 11.3 and later through 12.5 that allows an Insecure Direct Object Reference (IDOR), leading to potential information disclosure. The issue affects the application’s handling of object references and is categorized with a C...
CVE-2019-19259
GitLab Enterprise Edition EE 11.3 and later through 12.5 allows an Insecure Direct Object Reference IDOR...
Starbucks: Thailand - Insecure Direct Object Reference permits an unauthorized user to transfer funds from a victim using only the victims Starbucks card
nnez discovered that a hacker could transfer funds from one Starbucks card to another by inspecting the form with Google Chrome DevTools and then change the forms "CardNumber" value to a victim's valid Starbucks card number. If the value entered for the "FullAmount" form field did not exceed the...
GitLab Insecure Direct Object Reference Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An insecure direct object reference vulnerability exists in GitLab versions prior to 12.1.2, 12.0.4...
The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV allows a malicious individual to gain unauthorized access to arbitrary reports.
The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV is related to the insecure direct object reference IDOR. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to arbitrar...
CVE-2019-19616
An Insecure Direct Object Reference IDOR vulnerability in the Xtivia Web Time and Expense WebTE interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment...
Design/Logic Flaw
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...
CVE-2014-8356
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...
CVE-2014-8356
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
eyecomms eyeCMS Insecure Direct Object Reference (IDOR) Vulnerability
eyecomms eyeCMS is a content management system CMS from eyecomms Oman. A security vulnerability exists in eyecomms eyeCMS 2019-10-15 and earlier versions. An attacker can exploit the vulnerability by modifying the 'id' parameter to modify personal information name, email, phone, resume and other...
CVE-2019-17604
An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...
CVE-2019-17604
An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...
Design/Logic Flaw
An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...
CVE-2019-17604
CVE-2019-17604 is an Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS up to 2019-10-15. An attacker can modify the id parameter to change other candidates’ personal information (e.g., first name, last name, email, CV, phone, etc.). The related Red Hat CVE-2019-17604 entry ...
Moneybird: IDOR in https://moneybird.com/user/accountant_company/edit(change company name)
Reporter found a way to change the name of an accountant company for which he didn't have permissions. We added extra checks to prevent these kind of Insecure Direct Object Reference bugs...