17 matches found
exploit-notes
🎯 Pentest Playbook Index Welcome to the comprehensive penetra...
CVE-2025-64431 IDOR Vulnerabilities in ZITADEL's Organization API allow Cross-Tenant Data Tampering
Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to Insecure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one organization to access and modify data belongin...
EUVD-2018-1901
Malware in sbrugna...
EUVD-2022-34370
Malicious code in bioql PyPI...
CVE-2023-24625
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack...
ProjectID is disclosed and can be used for an IDOR attack
I found that when we click the "Settings" button, we can see all the projects, even if the logged-in user does not belong to the project. Using Burp Suite to hijack the request, we can obtain project IDs. We can use the project ID to perform an IDOR attack. 1. Create two projects: project1 and project2, and their admin is...
wallabag authorization issue vulnerability
wallabag is a web application that allows you to save web pages for later reading. wallabag versions prior to 2.5.3 contain an authorization vulnerability: the entry export module is vulnerable to an IDOR attack, which could be exploited to view other users'...
CVE-2022-2080
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversations via an IDOR attack. Note: Attackers are not able to see...
Design/Logic Flaw
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversations via an IDOR attack. Note: Attackers are not able to see...
CVE-2022-2080 Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversations via an IDOR attack. Note: Attackers are not able to see...
Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR
The plugin does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversations via an IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and studen...
Spiffy Calendar < 4.9.1 - Subscriber+ Arbitrary Event Editing/Deletion via IDOR
The plugin does not check that an event belongs to the user editing/deleting it, allowing any authenticated user to edit or delete arbitrary events via an IDOR attack...
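The Sensei LMS and Spiffy Calendar entries above describe the same defect: the handler confirms that the caller is logged in but never that the caller is allowed to touch the specific object named by the ID in the request. The block below is an added illustration, not code from any of the listed projects or advisories. It models that defect in an in-memory toy (a constructed fixture with an owner, a conversation participant and an unrelated logged-in user), shows the hardened handler beside the vulnerable one, and includes the two-account probe a tester runs to confirm an IDOR: act on a victim's object ID from a second, unrelated account. All names, tokens and the `Store`/`Event`/`Conversation` types are assumptions made for the example.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller is not authenticated."""


class NotFound(Exception):
    """Object missing, or not visible to this caller."""


@dataclass
class Event:
    id: int
    owner: str
    title: str


@dataclass
class Conversation:
    id: int
    teacher: str
    student: str
    messages: list = field(default_factory=list)


@dataclass
class Store:
    sessions: dict = field(default_factory=dict)       # token -> username
    events: dict = field(default_factory=dict)         # id -> Event
    conversations: dict = field(default_factory=dict)  # id -> Conversation


def make_store():
    """Constructed fixture (assumption): alice owns event 1 and is the teacher in
    conversation 1 with bob; mallory is a valid but unrelated logged-in user."""
    s = Store()
    s.sessions = {"alice-token": "alice", "bob-token": "bob", "mallory-token": "mallory"}
    s.events = {1: Event(1, "alice", "alice's private event")}
    s.conversations = {1: Conversation(1, teacher="alice", student="bob")}
    return s


def authenticate(store, token):
    user = store.sessions.get(token)
    if user is None:
        raise Forbidden("not logged in")
    return user


def delete_event_vulnerable(store, token, event_id):
    # Checks that *someone* is logged in, never that the event is theirs.
    authenticate(store, token)
    if event_id not in store.events:
        raise NotFound(event_id)
    del store.events[event_id]
    return True


def delete_event_fixed(store, token, event_id):
    user = authenticate(store, token)
    ev = store.events.get(event_id)
    # One error for "missing" and "not yours": the endpoint does not reveal
    # which IDs exist to callers who may not see them.
    if ev is None or ev.owner != user:
        raise NotFound(event_id)
    del store.events[event_id]
    return True


def send_message_vulnerable(store, token, conv_id, text):
    user = authenticate(store, token)
    conv = store.conversations.get(conv_id)
    if conv is None:
        raise NotFound(conv_id)
    conv.messages.append((user, text))   # any logged-in user can post here
    return len(conv.messages)


def send_message_fixed(store, token, conv_id, text):
    user = authenticate(store, token)
    conv = store.conversations.get(conv_id)
    # Sender must be a participant (teacher or the original student).
    if conv is None or user not in (conv.teacher, conv.student):
        raise NotFound(conv_id)
    conv.messages.append((user, text))
    return len(conv.messages)


def probe_idor(store, action, attacker_token="mallory-token"):
    """Two-account check: a logged-in user with no relation to the object
    replays the action against the victim's ID. True means the action went
    through, i.e. object-level authorization is missing."""
    try:
        action(store, attacker_token)
    except (NotFound, Forbidden):
        return False
    return True


if __name__ == "__main__":
    for name, fn in [("delete_event_vulnerable", delete_event_vulnerable),
                     ("delete_event_fixed", delete_event_fixed)]:
        hit = probe_idor(make_store(), lambda s, t, fn=fn: fn(s, t, 1))
        print(f"{name}: {'IDOR' if hit else 'ok'}")
```

The probe is the same procedure the project-ID report below describes by hand (two accounts, swap the ID, see whether the second account's request succeeds); against a real target the `action` would be an HTTP request carrying the second account's session. Returning the same `NotFound` for a missing object and for someone else's object is a deliberate choice in the fixed handlers: a distinct "forbidden" response would still let an attacker enumerate which IDs exist.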
Open-Xchange: Unauthorized access to attachments details of Private Calendar appointments (Access control issue)
Hi Team, Description: In the calendar folder there is a permission setting where a user can be assigned as a read-only user of their own objects. A user with this permission shouldn't be able to view private appointments and their attachments. There is a request for getting attachment details from the server...
Harvest: Unauthorised read access to the expense receipt of any user in the company (Vertical Privilege Escalation)
Hi Team, Description: In Timesheet you have the option of submitting your expenses for the projects you are assigned to. But only an Admin can view other users' expenses and related receipts. But there is a request which gives the full-size expense receipt attached to the expenses. This request is...
X (Formerly Twitter): Urgent: Unauthorised Access to Media Content of all Direct Messages and Protected Tweets (Indirect Object Reference)
Hi Team, You can tweet from your ad account while creating a campaign. When you add media content from your computer and upload it, there is a JSON request which gives you the link to your media photos to preview before tweeting. This link is vulnerable to an IDOR attack and it leads to disclosing all t...
Vimeo: Vimeo.com Insecure Direct Object References Reset Password
Hello, my name is Toufik Airane. This is a Responsible Disclosure and Silent Disclosure. Thank you for opening a bug bounty program! Please find a proof of concept for an IDOR attack on the famous vimeo.com. With this IDOR, an attacker can reset any password of any account and take control of it. Please find...