Lucene search

4391 matches found

NVD
added 2019/08/21 7:15 p.m. · 5 views

CVE-2019-14245

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

6.5 CVSS · 6.5 AI score · 0.00737 EPSS
Exploits 3 · References 4

OSV
added 2019/08/21 7:15 p.m. · 2 views

CVE-2019-14246

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account...

6.5 CVSS · 5.8 AI score · 0.01469 EPSS
Exploits 3 · References 4

NVD
added 2019/08/21 7:15 p.m. · 9 views

CVE-2019-14246

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account...

6.5 CVSS · 6.4 AI score · 0.01469 EPSS
Exploits 3 · References 4

OSV
added 2019/08/21 7:15 p.m. · 1 view

CVE-2019-14245

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

6.5 CVSS · 6.6 AI score · 0.00737 EPSS
Exploits 3 · References 4

Prion
added 2019/08/21 7:15 p.m. · 12 views

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account...

4 CVSS · 6.4 AI score · 0.01469 EPSS
Exploits 3 · References 4 · Affected Software 1

Prion
added 2019/08/21 7:15 p.m. · 9 views

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

5.5 CVSS · 6.4 AI score · 0.00737 EPSS
Exploits 3 · References 4 · Affected Software 1

Cvelist
added 2019/08/21 6:41 p.m. · 11 views

CVE-2019-14245

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

6.5 AI score · 0.00737 EPSS
Exploits 3 · References 4

CVE
added 2019/08/21 6:41 p.m. · 46 views

CVE-2019-14245

CVE-2019-14245 affects CentOS Web Panel 0.9.8.851. The issue is an insecure object reference in the MySQL management flow that allows an attacker with an account to delete arbitrary databases (e.g., oauthv2) on the server. Root cause: insufficient access control for database-management actions. I...

6.5 CVSS · 6.4 AI score · 0.00737 EPSS
Exploits 3 · References 4 · Affected Software 1

CVE
added 2019/08/21 6:38 p.m. · 46 views

CVE-2019-14246

CVE-2019-14246 affects CentOS Web Panel (CWP) 0.9.8.851. An insecure object reference in the PHPMyAdmin password change flow enables an attacker account to discover or retrieve phpMyAdmin passwords for any user (password data in /etc/passwd) through the affected web interface path. The vulnerabil...

6.5 CVSS · 6.4 AI score · 0.01469 EPSS
Exploits 3 · References 4 · Affected Software 1

Positive Technologies
added 2019/08/21 12:0 a.m. · 2 views

PT-2019-3100 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue is related to an insecure object reference, which allows an attacker to delete databases, such as oauthv2, from the server via an attacker account. This is due to insufficient access...

6.8 CVSS · 6.4 AI score · 0.00737 EPSS
Exploits 3 · References 10

Pen Test Partners Blog
added 2019/08/14 10:14 a.m. · 25 views

Lojack’d: Pwning Smart vehicle trackers

This research is by @evstykas with help from @Yekki1 and @TheKenMunroShow. Many car insurers insist that smart trackers are fitted to high end vehicles. In the event of theft, the car can be tracked and recovered. Probably the most well-known is LoJack, also known as Tracker in Europe. We also...

7.8 AI score
Exploits 0

Veracode
added 2019/08/13 6:25 a.m. · 11 views

Authorization Bypass

magento/community-edition is vulnerable to authorization bypass. The vulnerability exists through an Insecure Direct Object Reference (IDOR) that could allow unauthorized access to order details...

7.3 CVSS · 3.3 AI score · 0.00086 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2019/08/06 12:0 a.m. · 6 views

WordPress Real Estate 7 plugin <= 2.9.0 - Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability found by m0ze in WordPress Real Estate 7 plugin versions <= 2.9.0. Solution 2019 August 6 - no information about patched version available...

3 AI score
Exploits 0 · References 1 · Affected Software 1

OSV
added 2019/08/02 10:15 p.m. · 10 views

CVE-2019-7925

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder...

4.9 CVSS · 6.7 AI score
Exploits 0 · References 1

NVD
added 2019/08/02 10:15 p.m. · 7 views

CVE-2019-7864

An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details...

5.3 CVSS · 5.2 AI score · 0.0006 EPSS
Exploits 0 · References 1

NVD
added 2019/08/02 10:15 p.m. · 11 views

CVE-2019-7854

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details...

7.5 CVSS · 7.3 AI score · 0.00086 EPSS
Exploits 0 · References 1

Prion
added 2019/08/02 10:15 p.m. · 11 views

Design/Logic Flaw

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...

5.5 CVSS · 6.3 AI score · 0.00092 EPSS
Exploits 0 · References 1 · Affected Software 1

Prion
added 2019/08/02 10:15 p.m. · 18 views

Design/Logic Flaw

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details...

5 CVSS · 7.3 AI score · 0.00086 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2019/08/02 9:17 p.m. · 10 views

CVE-2019-7872

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...

6.6 AI score · 0.00092 EPSS
Exploits 0 · References 1

Cvelist
added 2019/08/02 9:11 p.m. · 13 views

CVE-2019-7854

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details...

7.5 AI score · 0.00086 EPSS
Exploits 0 · References 1