4651 matches found
CVE-2019-6716
The CVE-2019-6716 issue affects LogonBox Limited/Nervepoint Access Manager (versions 1.2–1.4-RG3; 2013–2017) where an unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core enables an attacker to enumerate internal Active Directory usernames and group names and to alter back-end j...
CVE-2019-6716
An unauthenticated Insecure Direct Object Reference IDOR in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs backup and synchronization jobs, which could...
CVE-2019-8395
An Insecure Direct Object Reference IDOR vulnerability exists in Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10007 via an attachment to a request...
CVE-2019-8395
An Insecure Direct Object Reference IDOR vulnerability exists in Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10007 via an attachment to a request...
CVE-2019-8395
Zoho ManageEngine ServiceDesk Plus (SDP) is affected by an Insecure Direct Object Reference (IDOR) vulnerability via an attachment to a request, in SDP versions prior to 10.0 build 10007. The issue is documented across multiple sources (NVD/CNVD) with consistent impact wording, indicating unautho...
LongBox Limited Access Manager Insecure Direct Object Reference
Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure
Exploit for multiple platform in category web applications Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 =...
LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference
Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...
Kaspersky: Web protection component in Anti-Virus products family uses predictable links for certificate warnings
Summary Websites can predict links used in certificate warnings, Safe Money prompts, anti-phishing warnings and similar pages. This allows them to initiate actions without the user's knowledge. Description The links used to override certificate warnings have the following format: https:///?kiscup...
Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure
Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS...
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium;...
Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure (2)
Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure 2 Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691...
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium;...
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...
Fortify SSC 17.10 / 17.20 / 18.10 User Detail Insecure Direct Object Reference
Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...
Fortify SSC 17.10 / 17.20 / 18.10 Project Insecure Direct Object Reference
Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...
Direct Object Reference
ShowDoc is vulnerable to direct object reference. A remote attacker is able to navigate and retrieve or modify notes belonging to other users by modifying the pageid...
CVE-2018-15693
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...
CVE-2018-15693
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...
Authorization
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...