CVE-2017-11463

In Ivanti Service Desk formerly LANDESK Management Suite versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in...

CVE-2017-11463

Ivanti Service Desk (LANDESK Management Suite) 2016.3–2017.3 has an Unrestricted Direct Object Reference allowing normal users to reference/update objects belonging to others by sending a URI with a target username, enabling retrieval of keys/tokens to access user profiles, tickets, incidents, et...

RecargaPay: IDOR exposes receipts of all users.

@cablej found an insecure direct object reference IDOR that could expose receipts from external users. Thanks for helping us make RecargaPay more secure!...

ZKTime Web Software 2.0 Insecure Direct Object Reference

Exploit Title: ZKTime Web Software 2.0 - Broken Authentication CVE-ID: CVE-2017-14680 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category: WebApps Author: Arvind V. Author Social: @FindArvind...

CVE-2015-6668

The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference...

CVE-2015-6668

The WordPress Job Manager plugin vulnerable versions before 0.7.25 allow remote attackers to read arbitrary CV files via an insecure direct object reference by brute-forcing the WordPress upload directory. Impact: CV file disclosure; attack vector: network, no authentication required. Remediation...

Trend Micro Hosted Email Security (HES) Interception / Insecure Direct Object Reference

Date: 24-Aug-2017 Product: Trend Micro Hosted Email Security HES Versions affected: Hosted Email Security before January 2012. Vulnerability: Two vulnerabilities were discovered. The first allowed any HES user to intercept in-transit emails through the Trend Micro Hosted Email Security cloud...

Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution

!/usr/bin/env python -- coding: utf8 -- Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior ALC WebCTRL, SiteScan Web 6.1 and...

OLX: I found a way to instantly take over ads by other users and change them (IDOR)

A local LetGo webpage was vulnerable to Insecure Data Object Reference issue which could have lead to ad hijack or settings change price, description, location. @kciredor discovered this vulnerability and notified us about this. We would like to thank you for this report. Please do not hesitate t...

Selfservice.exe Crashes on First Log On, Second Attempt Works

When a user attempts to logon it fails the first time and succeeds the second time. The first time selfservice.exe crashes. Self-service Plug-in exited unexpectedly. Exception was Object reference not set to an instance of an object. at Dazzle.AppMonitor.Control.Controller.WaitForLogoff at...

Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal Vulnerabilities

Cisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue. Copyright and Disclaimer The information in this advisory is Copyright 2017 Conviso and provided so that...

Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal

Copyright and Disclaimer The information in this advisory is Copyright 2017 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory...

U.S. Dept Of Defense: Insecure Direct Object Reference on in-scope .mil website

Summary: A web form in a .mil website doesn't implement restriction against multiple failed attempts to place an ID in order to obtain users information or cancel an ongoing process. Description: Websites https://█████████/appointment/lookup.aspx?a=f and...

U.S. Dept Of Defense: IDOR on DoD Website exposes FTP users and passes linked to all accounts!

Description: https://████/██████/ is vulnerable to Insecure Direct Object Reference. The application does not validate whether or not who a Push Server belongs to thus allowing an attacker to view the credentials of any FTP / sFTP server linked to any user's account. Impact An attacker can view...

Agorum Core Pro 7.8.1.4-251 Insecure Direct Object Reference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-006 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Versions: 7.8.1.4-251 Tested Versions: 7.8.1.4-251 Vulnerability Type: Insecure Direct Object Reference CWE-932 Risk Level: High Solution Status: Open...

CVE-2016-7786

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5...

ok.ru: ВИП подарки бесплатные без подключения ВИП услуги

Attacker could send VIP gifts for free due to insecure direct object reference. Недостаточная проверка прав при дарении подарка позволяла дарить VIP подарки бесплатно...

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

For a full list of their clients please visit: https://www.checkbox.com/clients/ 1- Directory traversal vulnerability : For example to download the web.config file we can send a request as the following: http://www.example.com/Checkbox/Upload.ashx?f=....\web.config&n=web.config 2- Direct Object...

ProjectSend r754 - Insecure Direct Object Reference Vulnerability

Exploit for php platform in category web applications Document Title: =============== ProjectSend r754 - IDOR & Authentication Bypass Vulnerability Product & Service Introduction: =============================== ProjectSend is a self-hosted application you can install it easily on your own VPS or...

OLX: Public Vulnerable Version of Confluence https://confluence.olx.com

The public server is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. Link to the public issue: https://jira.atlassian.com/browse/CONF-39704 PoC: GET:...