Lucene search

4382 matches found

0day.today
added 2016/10/29 12:00 a.m., 46 views

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...

7.1 AI score
Exploits: 0
exploitpack
added 2016/10/28 12:00 a.m., 31 views

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3...

7.4 AI score
Exploits: 0
Zero Science Lab
added 2016/10/28 12:00 a.m., 36 views

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8 AI score
Exploits: 0
Exploit DB
added 2016/10/28 12:00 a.m., 37 views

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2016/10/14 12:00 a.m., 18 views

Atlassian Confluence Server 5.8.x < 5.8.17 Multiple Vulnerabilities

Binary data 9647.prm...

6.1 CVSS, 7.3 AI score, 0.93251 EPSS
Exploits: 5, References: 3
Cvelist
added 2016/08/22 10:00 a.m., 15 views

CVE-2016-0915

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct...

7.7 AI score, 0.00744 EPSS
Exploits: 0, References: 3
Hacker One
added 2016/08/15 2:45 a.m., 16 views

Harvest: Unauthorized read access to Invoices by PM (Access control Issues)

Hi Team, Description: Project Manager has access to limited projects and corresponding Invoices. But he can view any private Invoices of the company which he doesn't have access to. Sending Invoice Request is Vulnerable to Indirect Object Reference Attack. Any Unprivileged Project manager can...

0.5 AI score
Exploits: 0
Citrix
added 2016/08/04 12:00 a.m., 6 views

Unable to Communicate With Hypervisor When Using XenDesktop Setup Wizard

Unable to Communicate with Hypervisor when using XenDesktop Setup Wizard. Logs display, "object reference not set to instance of an object". When running XenDesktop Setup Wizard, error states, "cannot connect to hypervisor". Logs show an error when checking a particular hosting unit. Checked Host...

7.1 AI score
Exploits: 0
Hacker One
added 2016/07/26 6:21 a.m., 93 views

Nextcloud: IDOR - Disable sharing

Description: ----- Users are shared files or folder. can disable this sharing. Detail: ------ + use request: DELETE /nextcloud/ocs/v2.php/apps/filessharing/api/v1/shares/share-id?format=json HTTP/1.1 Host: your-host User-Agent: Mozilla/5.0 Windows NT 10.0; WOW64; rv:47.0 Gecko/20100101 Firefox/47....

4 CVSS, 0.4 AI score, 0.00292 EPSS
Exploits: 1
OpenVAS
added 2016/07/04 12:00 a.m., 13 views

Option CloudGate Insecure Direct Object References And XSS Vulnerabilities

Option CloudGate is prone to cross site scripting and insecure direct object reference authorization bypass vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

6.7 AI score
Exploits: 0, References: 1
Hacker One
added 2016/05/23 8:28 p.m., 58 views

Mail.ru: [upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References

When an audio file is uploaded via the script https://upload-14.my.mail.ru/uploadaudio, there is no check that the specified playlistid belongs to the current user. Example of a file added to someone else's playlist: https://my.mail.ru/music/playlists/18226273862 Example request: POST /uploadaudio HTTP/1...

7.1 AI score
Exploits: 0
BDU FSTEC
added 2016/05/20 12:00 a.m., 2 views

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability in the libs/binder/IPCThreadState.cpp function of the Android operating system’s Binder component exists due to incorrect references to objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to increase their privileges through a specially create...

9.3 CVSS, 0.00043 EPSS
Exploits: 0, References: 3, Affected Software: 1
Hacker One
added 2016/04/15 9:35 p.m., 25 views

GitLab: Privilege escalation to access all private groups and repositories

Vulnerability details: There is an insecure direct object reference (IDOR) issue in the group sharing feature for a project. This allows an attacker to get access to the names of private repositories of a group, issues, milestones, and the group its team members. Proof of concept: First, let's set up...

6.5 AI score
Exploits: 0
0day.today
added 2016/04/14 12:00 a.m., 49 views

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Advisory Information ===================== Vendor: Brickcom Corporation CVE-Number: N/A Advisory-URL: http://www.orwelllabs.com/2016/04/Brickcom-Multiple-Vulnerabilities.html OLSA-ID: OLSA-2015-12-12 Impact: High especially because some ...

7.1 AI score
Exploits: 0
Exploit DB
added 2016/04/14 12:00 a.m., 61 views

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

7.4 AI score
Exploits: 0
Packet Storm
added 2016/04/14 12:00 a.m., 53 views

Brickcom Network Cameras XSS / CSRF / Insecure Direct Object Reference

Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Exploits: 0
exploitpack
added 2016/04/14 12:00 a.m., 32 views

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Brickcom Corporation Network Cameras - Multiple Vulnerabilities Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...

0.1 AI score
Exploits: 0
Packet Storm
added 2016/04/05 12:00 a.m., 35 views

PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference

Security Advisory 2016-04-03 www.orwelllabs.com Twitter:@orwelllabs magicword: d0ubl3th1nk1ng... Overview ======= Technical Risk: high Likelihood of Exploitation: medium Vendor: PQI...

7.4 AI score
Exploits: 0
Hacker One
added 2016/03/30 9:51 a.m., 22 views

Bumble: Insecure Direct Object Reference on badoo.com

Hi, I want to report IDOR (Insecure Direct Object Reference) vulnerability to you. IDOR Details are here: https://www.owasp.org/index.php/Top102010-A4-InsecureDirectObjectReferences https://www.owasp.org/index.php/TestingforInsecureDirectObjectReferences%28OTG-AUTHZ-004%29 As the pages say: Insecur...

1.1 AI score
Exploits: 0
Hacker One
added 2016/03/16 10:25 p.m., 11 views

Veris: Insecure Direct 'org-visitor-log' References

The particular issue was related to Insecure Direct Object Reference vulnerability where a particular API was not included in the main permission sets. So the enumeration attacks could be executed...

1.8 AI score
Exploits: 0