4654 matches found
Open-Xchange: IDOR - Deleting other user's reminders just by id
Hello, I have found that one can delete other user's reminders just by passing the id. The folder id, user id and other linking data is not passed and not validated by making a normal delete requests all these parameters are passed, but they don't seem to be validated POC ---------------- PUT...
Check Box 2016 Q2 Survey - Multiple Vulnerabilities
Exploit for asp platform in category web applications Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor...
Check Box 2016 Q2 Survey - Multiple Vulnerabilities
Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor Homepage: https://www.checkbox.com/ Software Link:...
Article Directory Script Seo 3.2 Insecure Direct Object Reference
Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://www.e-soft24.com/ Script Name: Article Directory Script Seo Script Version: V3.2 Script Buy Now: http://www.e-soft24.com/article-directory-script-seo-p-338.html Author: Adeghsan Aencan Author Web: http://ihsan.ne...
MC Real Estate Pro Insecure Direct Object Reference
Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Real Estate Pro Script Buy Now: http://microcode.ws/product/mc-real-estate-pro-php-script/3858 Author: Adeghsan Aencan Author Web: http://ihsan.net Mail : ihsanbeygirihsannoktanet...
U.S. Dept Of Defense: Insecure direct object reference vulnerability on a DoD website
A Department of Defense website was vulnerable to an insecure direct object reference vulnerability IDOR which may allow an attacker to modify web content or certain database parameters. @uranium238 was able to demonstrate this vulnerability by manipulating web objects in a particular way. Very...
InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference
InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a...
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3...
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a...
InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
Atlassian Confluence Server 5.8.x < 5.8.17 Multiple Vulnerabilities
Binary data 9647.prm...
Within ten seconds of black off the Facebook home page? This vulnerability turned out to the value 1. 6 million dollars including vulnerability analysis-vulnerability warning-the black bar safety net
! How to black out your Facebook for? The man from India safe studies experts say have something to say. According to the foreign media to the latest reports, a man named ArunSureshkumar of India security experts at Facebook“Business Management Platform”for BusinessManager found a serious...
CVE-2016-0915
The Self-Service Portal in EMC RSA Authentication Manager AM Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service PIN change for an arbitrary user via a modified token serial number within a PIN change request, related to a "direct...
Nextcloud: IDOR - Disable sharing
Decription: ----- Users are shared files or folder. can disable this sharing. Detail: ------ + use request: DELETE /nextcloud/ocs/v2.php/apps/filessharing/api/v1/shares/share-id?format=json HTTP/1.1 Host: your-host User-Agent: Mozilla/5.0 Windows NT 10.0; WOW64; rv:47.0 Gecko/20100101 Firefox/47....
Insecure Direct Object References in Gallery - ownCloud
ownCloud was vulnerable to a insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled. Affected Software ownCloud Server 8.2.6 CVE-2016-5876 gallery/2e8f1f2509d15876ab09396dfe6c463aacdf5c5b ownCloud Server 9.0.3...
Server: Insecure Direct Object References in Gallery
ownCloud was vulnerable to a insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Option CloudGate Insecure Direct Object References And XSS Vulnerabilities
Option CloudGate is prone to cross site scripting and insecure direct object reference authorization bypass vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Option CloudGate CG0192-11897 - Multiple Vulnerabilities Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...