Lucene search
+L

4654 matches found

Hacker One
Hacker One
added 2017/01/17 10:54 a.m.34 views

Open-Xchange: IDOR - Deleting other user's reminders just by id

Hello, I have found that one can delete other user's reminders just by passing the id. The folder id, user id and other linking data is not passed and not validated by making a normal delete requests all these parameters are passed, but they don't seem to be validated POC ---------------- PUT...

1.6AI score
Exploits0
0day.today
0day.today
added 2017/01/17 12:0 a.m.28 views

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

Exploit for asp platform in category web applications Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2017/01/17 12:0 a.m.119 views

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor Homepage: https://www.checkbox.com/ Software Link:...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2017/01/15 12:0 a.m.36 views

Article Directory Script Seo 3.2 Insecure Direct Object Reference

Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://www.e-soft24.com/ Script Name: Article Directory Script Seo Script Version: V3.2 Script Buy Now: http://www.e-soft24.com/article-directory-script-seo-p-338.html Author: Adeghsan Aencan Author Web: http://ihsan.ne...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/01/15 12:0 a.m.35 views

MC Real Estate Pro Insecure Direct Object Reference

Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Real Estate Pro Script Buy Now: http://microcode.ws/product/mc-real-estate-pro-php-script/3858 Author: Adeghsan Aencan Author Web: http://ihsan.net Mail : ihsanbeygirihsannoktanet...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2016/11/24 6:48 p.m.14 views

U.S. Dept Of Defense: Insecure direct object reference vulnerability on a DoD website

A Department of Defense website was vulnerable to an insecure direct object reference vulnerability IDOR which may allow an attacker to modify web content or certain database parameters. @uranium238 was able to demonstrate this vulnerability by manipulating web objects in a particular way. Very...

1.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/10/30 12:0 a.m.41 views

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/10/29 12:0 a.m.49 views

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2016/10/28 12:0 a.m.34 views

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/10/28 12:0 a.m.39 views

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.38 views

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/10/14 12:0 a.m.21 views

Atlassian Confluence Server 5.8.x < 5.8.17 Multiple Vulnerabilities

Binary data 9647.prm...

6.1CVSS7.3AI score0.61114EPSS
Exploits5References3
myhack58
myhack58
added 2016/09/20 12:0 a.m.21 views

Within ten seconds of black off the Facebook home page? This vulnerability turned out to the value 1. 6 million dollars including vulnerability analysis-vulnerability warning-the black bar safety net

! How to black out your Facebook for? The man from India safe studies experts say have something to say. According to the foreign media to the latest reports, a man named ArunSureshkumar of India security experts at Facebook“Business Management Platform”for BusinessManager found a serious...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2016/08/22 10:0 a.m.24 views

CVE-2016-0915

The Self-Service Portal in EMC RSA Authentication Manager AM Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service PIN change for an arbitrary user via a modified token serial number within a PIN change request, related to a "direct...

7.7AI score0.02155EPSS
Exploits0References3
Hacker One
Hacker One
added 2016/07/26 6:21 a.m.104 views

Nextcloud: IDOR - Disable sharing

Decription: ----- Users are shared files or folder. can disable this sharing. Detail: ------ + use request: DELETE /nextcloud/ocs/v2.php/apps/filessharing/api/v1/shares/share-id?format=json HTTP/1.1 Host: your-host User-Agent: Mozilla/5.0 Windows NT 10.0; WOW64; rv:47.0 Gecko/20100101 Firefox/47....

4CVSS0.4AI score0.01624EPSS
Exploits1
OwnCloud
OwnCloud
added 2016/07/13 7:1 p.m.500 views

Insecure Direct Object References in Gallery - ownCloud

ownCloud was vulnerable to a insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled. Affected Software ownCloud Server 8.2.6 CVE-2016-5876 gallery/2e8f1f2509d15876ab09396dfe6c463aacdf5c5b ownCloud Server 9.0.3...

4.3CVSS5.7AI score0.01171EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2016/07/13 2:0 a.m.517 views

Server: Insecure Direct Object References in Gallery

ownCloud was vulnerable to a insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

4.3CVSS5.7AI score0.01171EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2016/07/04 12:0 a.m.16 views

Option CloudGate Insecure Direct Object References And XSS Vulnerabilities

Option CloudGate is prone to cross site scripting and insecure direct object reference authorization bypass vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.7AI score
Exploits0References1
exploitpack
exploitpack
added 2016/06/27 12:0 a.m.74 views

Option CloudGate CG0192-11897 - Multiple Vulnerabilities

Option CloudGate CG0192-11897 - Multiple Vulnerabilities Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...

7.6AI score
Exploits0
0day.today
0day.today
added 2016/06/27 12:0 a.m.44 views

Option CloudGate CG0192-11897 - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...

7.1AI score
Exploits0
Rows per page
Query Builder