4393 matches found

Exploit DB
added 2016/01/29 12:0 a.m., 25 views

ProjectSend r582 - Multiple Vulnerabilities

Advisory ID: SGMA-16001 Title: ProjectSend multiple vulnerabilities Product: ProjectSend previously cFTP Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference Risk level: 4 / 5 Credit:...

7.4 AI score
Exploits: 0

exploitpack
added 2016/01/29 12:0 a.m., 27 views

ProjectSend r582 - Multiple Vulnerabilities

ProjectSend r582 - Multiple Vulnerabilities Advisory ID: SGMA-16001 Title: ProjectSend multiple vulnerabilities Product: ProjectSend previously cFTP Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object...

0.6 AI score
Exploits: 0

0day.today
added 2016/01/29 12:0 a.m., 29 views

ProjectSend r582 - Multiple Vulnerabilities

Exploit for php platform in category web applications Title: ProjectSend multiple vulnerabilities Product: ProjectSend previously cFTP Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference Risk...

7.1 AI score
Exploits: 0

OpenVAS
added 2016/01/08 12:0 a.m., 33 views

Atlassian Confluence XSS and Insecure Direct Object Reference Vulnerabilities

Atlassian Confluence is prone to cross site scripting and insecure direct object reference vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

6.1 CVSS, 5.3 AI score, 0.93251 EPSS
Exploits: 5, References: 3

exploitpack
added 2016/01/05 12:0 a.m., 27 views

Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities

Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product...

4.3 CVSS, 0.5 AI score, 0.93251 EPSS
Exploits: 5

Exploit DB
added 2016/01/05 12:0 a.m., 34 views

Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities

Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product Description Confluence is team collaboration software, where yo...

6.1 CVSS, 5.3 AI score, 0.93251 EPSS
Exploits: 5

Packet Storm
added 2016/01/04 12:0 a.m., 43 views

Atlassian Confluence XSS / Insecure Direct Object Reference

Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product Description Confluence is team collaboration software, where yo...

4.3 CVSS, 5.3 AI score, 0.93251 EPSS
Exploits: 5

Packet Storm
added 2015/12/07 12:0 a.m., 39 views

sysPass 1.0.9 Insecure Direct Object Reference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-046 Product: sysPass Manufacturer: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: Insecure Direct Object References CWE-932 Exposure of Backup File to an Unauthorized Control...

7.4 AI score
Exploits: 0

Atlassian
added 2015/10/27 7:37 p.m., 153 views

Insecure Direct Object Reference

The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...

4.3 CVSS, 0.5 AI score, 0.93251 EPSS
Exploits: 5, Affected Software: 1

Atlassian
added 2015/10/27 7:37 p.m., 66 views

Insecure Direct Object Reference

The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...

4.3 CVSS, 0.5 AI score, 0.93251 EPSS
Exploits: 5, Affected Software: 1

Atlassian
added 2015/10/27 7:37 p.m., 40 views

Insecure Direct Object Reference

The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...

4.3 CVSS, 5 AI score, 0.93251 EPSS
Exploits: 5

securityvulns
added 2015/10/25 12:0 a.m., 85 views

Multiple Vulnerabilities found in ZHONE

Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models Versions affected: S3.0.501...

9 CVSS, 0.1 AI score, 0.52287 EPSS
Exploits: 6

OpenVAS
added 2015/10/15 12:0 a.m., 31 views

ZHONE ZNID GPON < 3.1.241 Multiple Vulnerabilities

ZHONE ZNID GPON is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9 CVSS, 6.9 AI score, 0.52287 EPSS
Exploits: 6, References: 2

OSV
added 2015/09/18 10:59 a.m., 0 views

UBUNTU-CVE-2015-5827

WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event...

5 CVSS, 6.8 AI score, 0.00441 EPSS
Exploits: 0, References: 4

Prion
added 2015/09/18 10:59 a.m., 8 views

Design/Logic Flaw

WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event...

5 CVSS, 6.3 AI score, 0.00441 EPSS
Exploits: 0, References: 7, Affected Software: 2

Packet Storm
added 2015/08/25 12:0 a.m., 27 views

Page2Flip 2.5 Insecure Direct Object Reference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-029 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Insecure Direct Objec...

7.4 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 51 views

[SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-029 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Insecure Direct Objec...

7 AI score
Exploits: 0

Packet Storm
added 2015/04/14 12:0 a.m., 39 views

Weebly.com Insecure Direct Object Reference

Title: Hijack any website from weebly.com by just adding an administrator to their website. Insecure Direct Object Reference Vulnerability ===== Weebly is a web-hosting service that allows the user to “drag-and-drop” while using their website builder. As of August 2012, Weebly hosts over 20 milli...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/04/02 12:0 a.m., 24 views

phpList 3.0.10 Insecure Direct Object Reference

Affected software: phplist Type of vulnerability: insecure object reference URL:phplist.com Discovered by: Provensec Website: http://www.provensec.com version: phpList ltd. - v3.0.10 Proof of concept insecure object referenced on page deletion vuln param:delete example:...

7.4 AI score
Exploits: 0

Hacker One
added 2015/03/29 5:15 p.m., 20 views

X (Formerly Twitter): Insecure Direct Object Reference - access to other user/group DM's

Hello, I found a way to access group DM's which I don't have access to, Conditions to be met: - Should have been in that DM group at least once. Exploitation ways: =============== - let's say they're three twitter profiles, Naruto , Goku and Eren. - Naruto creates a DM group in between himself ,...

6.8 AI score
Exploits: 0