Lucene search
+L

4651 matches found

CVE
CVE
added 2019/03/17 5:50 p.m.51 views

CVE-2019-6716

The CVE-2019-6716 issue affects LogonBox Limited/Nervepoint Access Manager (versions 1.2–1.4-RG3; 2013–2017) where an unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core enables an attacker to enumerate internal Active Directory usernames and group names and to alter back-end j...

9.4CVSS9AI score0.09641EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2019/03/17 5:50 p.m.33 views

CVE-2019-6716

An unauthenticated Insecure Direct Object Reference IDOR in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs backup and synchronization jobs, which could...

9.2AI score0.09641EPSS
Exploits2References3
NVD
NVD
added 2019/02/17 4:29 a.m.14 views

CVE-2019-8395

An Insecure Direct Object Reference IDOR vulnerability exists in Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10007 via an attachment to a request...

9.8CVSS9.4AI score0.07065EPSS
Exploits0References1
OSV
OSV
added 2019/02/17 4:29 a.m.7 views

CVE-2019-8395

An Insecure Direct Object Reference IDOR vulnerability exists in Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10007 via an attachment to a request...

9.8CVSS7.3AI score0.07065EPSS
Exploits0References1
CVE
CVE
added 2019/02/17 4:0 a.m.47 views

CVE-2019-8395

Zoho ManageEngine ServiceDesk Plus (SDP) is affected by an Insecure Direct Object Reference (IDOR) vulnerability via an attachment to a request, in SDP versions prior to 10.0 build 10007. The issue is documented across multiple sources (NVD/CNVD) with consistent impact wording, indicating unautho...

9.8CVSS9.2AI score0.07065EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2019/01/29 12:0 a.m.116 views

LongBox Limited Access Manager Insecure Direct Object Reference

Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...

9.5AI score0.09641EPSS
Exploits2
0day.today
0day.today
added 2019/01/28 12:0 a.m.74 views

LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure

Exploit for multiple platform in category web applications Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 =...

9.1AI score0.09641EPSS
Exploits2
Exploit DB
Exploit DB
added 2019/01/28 12:0 a.m.53 views

LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference

Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2018/12/18 11:43 a.m.46 views

Kaspersky: Web protection component in Anti-Virus products family uses predictable links for certificate warnings

Summary Websites can predict links used in certificate warnings, Safe Money prompts, anti-phishing warnings and similar pages. This allows them to initiate actions without the user's knowledge. Description The links used to override certificate warnings have the following format: https:///?kiscup...

5.8CVSS0.02217EPSS
Exploits0
exploitpack
exploitpack
added 2018/12/14 12:0 a.m.75 views

Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure

Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS...

4CVSS0.4AI score0.07411EPSS
Exploits4
0day.today
0day.today
added 2018/12/14 12:0 a.m.190 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium;...

6.6AI score0.07411EPSS
Exploits4
exploitpack
exploitpack
added 2018/12/14 12:0 a.m.52 views

Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure (2)

Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure 2 Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691...

4CVSS0.3AI score0.07234EPSS
Exploits4
0day.today
0day.today
added 2018/12/14 12:0 a.m.46 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)

Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium;...

0.2AI score0.07234EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/12/14 12:0 a.m.51 views

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

6.5CVSS6.5AI score0.07411EPSS
Exploits4
Packet Storm
Packet Storm
added 2018/12/13 12:0 a.m.86 views

Fortify SSC 17.10 / 17.20 / 18.10 User Detail Insecure Direct Object Reference

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

6.6AI score0.07234EPSS
Exploits4
Packet Storm
Packet Storm
added 2018/12/13 12:0 a.m.240 views

Fortify SSC 17.10 / 17.20 / 18.10 Project Insecure Direct Object Reference

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

0.3AI score0.07411EPSS
Exploits4
Veracode
Veracode
added 2018/11/30 5:11 a.m.15 views

Direct Object Reference

ShowDoc is vulnerable to direct object reference. A remote attacker is able to navigate and retrieve or modify notes belonging to other users by modifying the pageid...

4.3CVSS5.1AI score0.0126EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/11/16 6:29 p.m.5 views

CVE-2018-15693

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...

6.4CVSS5.8AI score0.00567EPSS
Exploits1References1
NVD
NVD
added 2018/11/16 6:29 p.m.11 views

CVE-2018-15693

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...

6.4CVSS6.4AI score0.00567EPSS
Exploits1References1
Prion
Prion
added 2018/11/16 6:29 p.m.12 views

Authorization

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...

3.5CVSS6.4AI score0.00567EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder