CVE-2018-16606

In ProConf before 6.1, an Insecure Direct Object Reference IDOR allows any author to view and grab all submitted papers Title and Abstract and their authors' personal information Name, Email, Organization, and Position by changing the value of Paper ID the pid parameter...

CVE-2018-16606

CVE-2018-16606 is an IDOR flaw in ProConf prior to 6.1 that lets any author view all submitted papers (titles/abstracts) and associated authors’ personal information (name, email, organization, position) by altering the Paper ID (pid parameter). Exploitation details in the sources show a PoC wher...

Design/Logic Flaw

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference IDOR via the Poll ID, leading to the ability of a single user to select multiple Poll Options e.g., vote for multiple items...

CVE-2018-15833

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference IDOR via the Poll ID, leading to the ability of a single user to select multiple Poll Options e.g., vote for multiple items...

CVE-2018-15833

In Vanilla Forums, versions before 2.6.1 are affected by an IDOR issue in the polling feature. The vulnerability arises because the Poll ID can be manipulated, allowing a single user to select multiple poll options (voting for multiple items). The impact is the unintended multiple-option voting w...

OSCAR EMR 15.21beta361 XSS / Disclosure / CSRF / Insecure Direct Object Reference

Title: Multiple vulnerabilities in OSCAR EMR Product: OSCAR EMR Vendor: Oscar McMaster Tested version: 15.21beta361 Remediation status: Unknown Reported by: Brian D. Hysell ----- Product Description: "OSCAR is open-source Electronic Medical Record EMR software that was first developed at McMaster...

Yelp: I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)

@hk755a found an Insecure Direct Object Reference IDOR Vulnerability that allowed an attacker to pay with someone else's registered credit card, while ordering food with Grubhub through the /checkout/transactionplatform endpoint. No credit card information was disclosed as a result of this...

U.S. Dept Of Defense: ████ █████ exposes highly sensitive information to public

Summary: www.██████ is a system used by ██████ for vendors to upload details of their technology for review by ███. Due to an insecure direct object reference vulnerability, all vendor uploads are accessible to the public, without authentication. This includes Unclass//FOUO documents, documents...

CVE-2018-1000210

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize will deserialize user-controlled types in the line "currentType = Type.GetTypenodeEvent.Tag.Substring1, throwOnError: false;" and blindly instantiates...

Design/Logic Flaw

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize will deserialize user-controlled types in the line "currentType = Type.GetTypenodeEvent.Tag.Substring1, throwOnError: false;" and blindly instantiates...

CVE-2018-1000210

YamlDotNet versions 4.3.2 and earlier contain an Insecure Direct Object Reference vulnerability in Deserializer.Deserialize(), which can blindly instantiate user-controlled types via currentType = Type.GetType(...). This can enable code execution in the running process when parsing specially craf...

Grundig Smart Inter@ctive 3.0 Insecure Direct Object Reference

Exploit Title: Grundig Smart Remote App CSRF Google Dork: Local Vulnerability Date: 06.07.2018 Exploit Author: Ahmethan GALTEKAdegN @inject0r16 Vendor Homepage: https://www.grundig.com/ Software Link: https://play.google.com/store/apps/details?id=arcelik. android.grundig.remote Version: Grundig...

TP-Link TL-WR841N V13 Insecure Direct Object Reference Vulnerability

Exploit for hardware platform in category web applications Vulnerability: Broken Authentication Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Overview An attacker that can send HTTP...

TP-Link TL-WR841N V13 Insecure Direct Object Reference

Vulnerability: Broken Authentication Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Risk: High Vendor Contacted: 05/20/2018 Vendor Fix: Issue was independently fixed in previous...

CVE-2018-1000503

MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in...

Security Bulletin: Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362)

Summary IBM Cúram Social Program Management Universal Access is vulnerable to Insecure Direct Object Reference. An authenticated user may have the ability to withdraw another user's submitted applications from the system and possibly obtain privileges. Vulnerability Details CVEID: CVE-2018-1362...

Security Bulletin: IBM OpenPages GRC Platform has addressed insecure object reference (CVE-2017-1148)

Summary IBM OpenPages GRC Platform with OpenPages Loss Event Entry LEE application addressed potential security exposure due to insecure object reference. Vulnerability Details CVEID: CVE-2017-1148 DESCRIPTION: IBM OpenPages GRC Platform with OpenPages Loss Event Entry LEE application could allow...

WordPress BBE theme <= 1.52 - Direct Object Reference vulnerability

Direct Object Reference vulnerability found by Zhihua Yao in WordPress BBE theme versions = 1.52. The vulnerability allows a direct launch of an HTML editor. Solution Update the WordPress BBE theme to the latest available version at least 1.53...

Monstra CMS <= 3.0.4 Multiple Vulnerabilities

Monstra CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Design/Logic Flaw

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...