4654 matches found
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic...
Option CloudGate Insecure Direct Object Reference Auth Bypass
Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic...
Option CloudGate Insecure Direct Object References Authorization Bypass
Summary The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic unit certified on all major us cellular operators CDMA/EV-DO and WCDMA/HSPA+. The CloudGate is simple to configure locally or remotely from your PC, tablet or...
GitLab: Privilege escalation to access all private groups and repositories
Vulnerability details There is an insecure direct object reference IDOR issue in the group sharing feature for a project. This allows an attacker to get access to the names of private repositories of a group, issues, milestones, and the group its team members. Proof of concept First, lets set up...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Adivisory Information ===================== Vendor: Brickcom Corporation CVE-Number:N/A Adivisory-URL: http://www.orwelllabs.com/2016/04/Brickcom-Multiple-Vulnerabilities.html OLSA-ID: OLSA-2015-12-12 Impact: High especially because some ...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Brickcom Corporation Network Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...
Brickcom Network Cameras XSS / CSRF / Insecure Direct Object Reference
| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-03 www.orwelllabs.com Twitter:@orwelllabs magicword: d0ubl3th1nk1ng... Overview ======= Technical Risk: high Likelihood of Exploitation: medium Vendor: PQI...
Bumble: Insecure Direct Object Reference on badoo.com
Hi, I want to report IDOR Insecure Direct Object Reference vulnerability to you. IDOR Details are here: https://www.owasp.org/index.php/Top102010-A4-InsecureDirectObjectReferences https://www.owasp.org/index.php/TestingforInsecureDirectObjectReferences%28OTG-AUTHZ-004%29 As the pages say: Insecur...
New Relic: Normal user can set "Job title" of other users by Direct Object Reference
A normal user when logs in to "New Relic" and navigates to the "Account Settings" page, can only set his/her own Job title. All other user's Job title selection are not available. But using a proxy tool like Burp Suite, while changing his own job role, if he replaces his own ID with any other use...
Veris: Critical - Insecure Direct Object Reference - Deleting any member of any organization remotely
Hello Team, I have found an extremely critical issue with the help of which an attacker can delete any member of any organization. The vulnerability is Insecure Direct Object ReferenceIDOR which leads to privilege escalation as an attacker can perform such a critical attack from his own account...
perfact::mpa Insecure Direct Object Reference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-069 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...
perfact::mpa Insecure Direct Object Reference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-067 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-064 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Versions: 9.0.2 Tested Versions: 9.0.2 Vulnerability Type: Insecure Direct Object Reference CWE-932 Risk Level: Medium Solution Status: Fixed...
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-059 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Versions: 9.0.2 Tested Versions: 9.0.2 Vulnerability Type: Insecure Direct Object Reference CWE-932 Risk Level: Medium Solution Status: Fixed...
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-058 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Versions: 9.0.2 Tested Versions: 9.0.2 Vulnerability Type: Insecure Direct Object Reference CWE-932 Risk Level: Medium Solution Status: Fixed...
Chamilo LMS IDOR - messageId Delete POST Injection
Chamilo LMS IDOR - messageId Delete POST Injection Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Relea...
Chamilo LMS Insecure Direct Object Reference
Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability...
Chamilo LMS IDOR - (messageId) Delete Post Vulnerability
Document Title: =============== Chamilo LMS IDOR - messageId Delete Post Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability Laboratory...