90 matches found
CVE-2021-22023
The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...
Larvata Flygo 安全漏洞
Larvata Flygo is an attendance clocking software from Larvata Taiwan. Larvata Flygo contains Insecure Direct Object Reference has a security vulnerability that allows a remote attacker, after authenticating as a normal user, to manipulate the announcement ID in a specific Url parameter to access...
CVE-2021-32744 Unauthenticated attacker could gain access to currently open files
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to...
Siemens Solid Edge Untrustworthy Pointer Reference Vulnerability
Siemens Solid Edge is a 3D CAD software from Siemens, Germany. An untrustworthy pointer reference vulnerability exists in Siemens Solid Edge. The vulnerability is due to the application lacking proper validation of user-supplied data when parsing PRT files. An attacker can exploit the vulnerabili...
CVE-2020-20183
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00ABBX.3 and earlier allows attackers to gain privileges and access certain admin pages...
Design/Logic Flaw
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00ABBX.3 and earlier allows attackers to gain privileges and access certain admin pages...
OPENSUSE-SU-2020:0670-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...
OPENSUSE-SU-2020:0668-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...
OPENSUSE-SU-2020:0667-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...
GNU LibreDWG null pointer back-reference vulnerability (CNVD-2019-12558)
GNU LibreDWG is a GNU Project C library for working with DWG files. A null pointer back-reference vulnerability exists in the 'dwgdxfLTYPE' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...
CVE-2019-8395
An Insecure Direct Object Reference IDOR vulnerability exists in Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10007 via an attachment to a request...
Code injection
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application...
U.S. Dept Of Defense: ████ █████ exposes highly sensitive information to public
Summary: www.██████ is a system used by ██████ for vendors to upload details of their technology for review by ███. Due to an insecure direct object reference vulnerability, all vendor uploads are accessible to the public, without authentication. This includes Unclass//FOUO documents, documents...
Adobe Acrobat/Reader Untrustworthy Pointer Reference Vulnerability (CNVD-2017-36610)
Adobe Acrobat and Reader is the United States of America Odooby publicly issued PDF file processing program. Adobe Acrobat and Reader processing PDF files have untrustworthy pointer references vulnerability, allowing remote attackers can exploit the vulnerability to submit a special file, inducin...
Mp3splt 'free_options()' function null pointer reference denial of service vulnerability
Mp3splt is an mp3 music cutter. A denial of service vulnerability exists in the Mp3splt 'freeoptions' function. An attacker could exploit this vulnerability to crash the application, resulting in a denial of service...
Adobe Flash Player & Compiler内存错误引用漏洞(CNVD-2015-07616)
No description provided by source...
CVE-2008-3064
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."...
Insecure Direct Object Reference
The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...
CVE-2011-1887
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CV...
CVE-2011-1880
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer...