SOCA Access Control System 180612 - Information Disclosure
Exploit for php platform in category web applications. SOCA Access Control System 180612 Information Disclosure. Vendor: SOCA Technology Co., Ltd. Product web page: http://www.socatech.com. Affected version: 180612, 170000 and 141007. Summary: The company's products include proximity and fingerprint...
CVE-2019-6716
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could...
Cross site request forgery (csrf)
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could...
CVE-2019-6716
The CVE-2019-6716 issue affects LogonBox Limited/Nervepoint Access Manager (versions 1.2–1.4-RG3; 2013–2017) where an unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core enables an attacker to enumerate internal Active Directory usernames and group names and to alter back-end j...
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request...
CVE-2019-8395
Zoho ManageEngine ServiceDesk Plus (SDP) is affected by an Insecure Direct Object Reference (IDOR) vulnerability via an attachment to a request, in SDP versions prior to 10.0 build 10007. The issue is documented across multiple sources (NVD/CNVD) with consistent impact wording, indicating unautho...
LogonBox Limited Access Manager Insecure Direct Object Reference
Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference (IDOR); Google Dork: /runJob.html?jobId=; Date: 01/22/2019; Exploit Author: 0v3rride; Vendor Homepage: https://docs.logonbox.com/index.html; Software Link: N/A; Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure
Exploit for multiple platform in category web applications. Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference (IDOR); Google Dork: /runJob.html?jobId=; Exploit Author: 0v3rride; Vendor Homepage: https://docs.logonbox.com/index.html; Software Link: N/A; Version: = 1.2 = 1.2 =...
LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference
Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference (IDOR); Google Dork: /runJob.html?jobId=; Date: 01/22/2019; Exploit Author: 0v3rride; Vendor Homepage: https://docs.logonbox.com/index.html; Software Link: N/A; Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...
Kaspersky: Web protection component in Anti-Virus products family uses predictable links for certificate warnings
Summary: Websites can predict links used in certificate warnings, Safe Money prompts, anti-phishing warnings and similar pages. This allows them to initiate actions without the user's knowledge. Description: The links used to override certificate warnings have the following format: https:///?kiscup...
Fortify SSC 17.10 / 17.20 / 18.10 Project Insecure Direct Object Reference
Details. Software: Fortify SSC (Software Security Center); Version: 17.10, 17.20 & 18.10; Homepage: https://www.microfocus.com; Advisory report: https://github.com/alt3kx/CVE-2018-7690; CVE: CVE-2018-7690; CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N; CWE-639. Description...
Direct Object Reference
ShowDoc is vulnerable to direct object reference. A remote attacker is able to navigate and retrieve or modify notes belonging to other users by modifying the pageid...
Authorization
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...
CVE-2018-15693
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...
CVE-2018-15693
CVE-2018-15693 affects Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier. The issue is an authorization bypass via insecure direct object reference, enabling authenticated users to access objects they should not be able to. The NVD entry lists an overall CVSS range with base scores of 3.5 ...
Insecure Direct Object Reference
flarum/core is vulnerable to insecure direct object reference. An attacker is able to exploit the vulnerability to modify user information which can possibly lead to a full account takeover...
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...