13 matches found
EUVD-2021-11474
Malware in sbrugna...
EUVD-2020-20170
Malware in sbrugna...
EUVD-2023-12952
Malicious code in bioql PyPI...
CVE-2021-24473
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users, including those with higher roles...
Moodle 4.4.x < 4.4.3 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.13, 4.2.x prior to 4.2.10, 4.3.x prior to 4.3.7, or 4.4.x prior to 4.4.3. It is, therefore, affected by multiple vulnerabilities. - A lesson activity password bypass through PHP loose...
Moodle 4.1.x < 4.1.13 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.13, 4.2.x prior to 4.2.10, 4.3.x prior to 4.3.7, or 4.4.x prior to 4.4.3. It is, therefore, affected by multiple vulnerabilities. - A lesson activity password bypass through PHP loose...
PT-2023-25783 · WordPress · Activitypub
Name of the Vulnerable Software and Affected Versions: ActivityPub WordPress plugin versions prior to 1.0.0 Description: The issue allows any authenticated user to retrieve the content of arbitrary posts, including drafts and private posts, via an IDOR vector. This is because the plugin does not...
PT-2023-29545 · Granding · Granding Utime Master
Name of the Vulnerable Software and Affected Versions: GRANDING UTime Master version 9.0.7-Build:Apr 4,2023 Description: The issue is related to an indirect object reference (IDOR) that allows authenticated attackers to access sensitive information. This is achieved via a crafted cookie...
CVE-2023-0944
Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...
CVE-2021-24562
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...
CVE-2021-24473
The CVE-2021-24473 entry concerns the WordPress plugin User Profile Picture, affected in versions before 2.6.0. The vulnerability is an Insecure Direct Object Reference (IDOR) that allows users with the upload_image capability (default: author and above) to change and delete the profile pictures ...
User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR
The plugin was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users, including those with higher roles. PoC: Use a proxy such as Burp Suite to capture the request made when change your own...
Facebook BB #18 - IDOR Issue & Privacy Vulnerability
Document Title: Facebook BB 18 - IDOR Issue & Privacy Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1371 Facebook Security ID: 219208937. Release Date: 2014-12-12. Vulnerability Laboratory ID VL-ID:...