126 matches found
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45393
An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
Design/Logic Flaw
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
CVE-2023-42334
The CVE-2023-42334 issue affects Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37, due to an Indirect Object Reference (IDOR) in the user parameter that enables privilege escalation by remote attackers. Root cause is IDOR exposure; impacts include elevated privileges (no info on exploitation specifi...
memos 授权问题漏洞
memos is an open source hosted memo center with knowledge management and social features. A vulnerability in authorization issues exists in versions prior to memos 0.9.1, which can be exploited by an attacker to view, update, and delete shortcuts of other users using IDOR...
CVE-2022-3511
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...
CVE-2022-31154 Indirect Object Access in Sourcegraph Code Monitoring
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...
CVE-2021-36329
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...
CVE-2021-36329
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...
Design/Logic Flaw
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...
CVE-2021-36329
CVE-2021-36329 affects Dell EMC Streaming Data Platform prior to 1.3, where an Indirect Object Reference vulnerability could let a remote attacker obtain sensitive information. Multiple sources corroborate the impact as disclosure of information via indirect access. The vulnerability is documente...
CVE-2021-36329
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...
Dell Emc Streaming Data Platform 安全漏洞
Dell Emc Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in the Dell Emc Streaming Data Platform that originates from the inclusion of an indirect object reference, which can be exploited by an...
CVE-2021-36329
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...
CVE-2021-41305
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References IDOR vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version...
CVE-2020-13815
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference...