CVE-2016-10734

ProjectSend formerly cFTP r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...

Authentication flaw

ProjectSend formerly cFTP r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...

CVE-2016-10734

ProjectSend (formerly cFTP) r582 contains an Insecure Direct Object Reference vulnerability in includes/actions.log.export.php. The CNVD entry notes that ProjectSend is a PHP/MySQL self-hosted application, and the NVD entry documents a high-impact issue with access control to object references. T...

U.S. Dept Of Defense: Access to all █████████ files, including CAC authentication bypass

Summary: Due to an Insecure Direct Object Reference IDOR in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As described on ██████████ website, this includes documents with classifications up to FOUO, including PII / PHI...

GHSA-RPCH-CQJ9-H65R High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize will deserialize user-controlled types in the line "currentType = Type.GetTypenodeEvent.Tag.Substring1, throwOnError: false;" and blindly instantiates...

High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize will deserialize user-controlled types in the line "currentType = Type.GetTypenodeEvent.Tag.Substring1, throwOnError: false;" and blindly instantiates...

Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege Exploit

Exploit for windows platform in category dos / poc Windows: Double Dereference in NtEnumerateKey Elevation of Privilege Platform: Windows 10 1803 not vulnerable in earlier versions Class: Elevation of Privilege Summary: A number of registry system calls do not correctly handle pre-defined keys...

Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference

Title: MULTIPLE IDOR VUNLERABILITies ON WISETAIL LEARNING ECOSYSTEM LE UPTO V4.11.6 Date: 12/09/2019 Author: S. M. Zia Ur Rashid Vendor Homepage: wisetail.com Author Contact: https://www.linkedin.com/in/ziaurrashid/ Affected Version: = 4.11.6 Assaigned CVE: CVE-2018-16970, CVE-2018-16971...

CVE-2018-16970

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...

CVE-2018-16971

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to access non-purchased course contents quiz / test via a modified id parameter...

CVE-2018-16970

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...

CVE-2018-16970

CVE-2018-16970 affects Wisetail Learning Ecosystem (LE) up to version 4.11.6, where an insecure direct object reference (IDOR) enables downloading non-purchased course files by modifying the id parameter. The connected PacketStorm entry corroborates multiple IDOR vulnerabilities affecting LE ≤ 4....

CVE-2018-16608

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&userid=1, Insecure Direct Object Reference IDOR...

CVE-2018-16608

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&userid=1, Insecure Direct Object Reference IDOR...

CVE-2018-16704

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers logged in users to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org...

CVE-2018-16704

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers logged in users to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org...

Design/Logic Flaw

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers logged in users to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org...

CVE-2018-16704

An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers logged in users to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org...

CVE-2018-16704

CVE-2018-16704 affects Gleez CMS v1.2.0. The issue is an Insecure Direct Object Reference that allows authenticated users to view the profile page of other users, demonstrated by accessing /user/3 on demo.gleezcms.org. This is a user-authorization bypass that could expose profile details to other...

CVE-2018-16606

In ProConf before 6.1, an Insecure Direct Object Reference IDOR allows any author to view and grab all submitted papers Title and Abstract and their authors' personal information Name, Email, Organization, and Position by changing the value of Paper ID the pid parameter...