Lucene search
+L

126 matches found

Cvelist
Cvelist
added 2023/10/13 12:0 a.m.17 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.3AI score0.00483EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/10/13 12:0 a.m.15 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.2AI score0.00483EPSS
Exploits1References1
NVD
NVD
added 2023/09/20 8:15 p.m.19 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

6.5CVSS6.6AI score0.00584EPSS
Exploits1References1
OSV
OSV
added 2023/09/20 8:15 p.m.5 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

6.5CVSS5.8AI score0.00584EPSS
Exploits1References1
Prion
Prion
added 2023/09/20 8:15 p.m.17 views

Design/Logic Flaw

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

4CVSS6.6AI score0.00584EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2023/09/20 12:0 a.m.25 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

6.8AI score0.00584EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/09/20 12:0 a.m.11 views

CVE-2023-42334

An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...

7.2AI score0.00584EPSS
Exploits1References1
CVE
CVE
added 2023/09/20 12:0 a.m.47 views

CVE-2023-42334

The CVE-2023-42334 issue affects Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37, due to an Indirect Object Reference (IDOR) in the user parameter that enables privilege escalation by remote attackers. Root cause is IDOR exposure; impacts include elevated privileges (no info on exploitation specifi...

6.5CVSS6.6AI score0.00584EPSS
Exploits1References1Affected Software2
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.5 views

memos 授权问题漏洞

memos is an open source hosted memo center with knowledge management and social features. A vulnerability in authorization issues exists in versions prior to memos 0.9.1, which can be exploited by an attacker to view, update, and delete shortcuts of other users using IDOR...

9.1CVSS7.3AI score0.00568EPSS
Exploits1References3
OSV
OSV
added 2022/11/28 2:15 p.m.6 views

CVE-2022-3511

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...

6.5CVSS5.8AI score0.00699EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/08/01 6:40 p.m.35 views

CVE-2022-31154 Indirect Object Access in Sourcegraph Code Monitoring

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

6.4CVSS6.5AI score0.00417EPSS
Exploits0References2
OSV
OSV
added 2021/11/30 9:15 p.m.6 views

CVE-2021-36329

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...

6.5CVSS5.8AI score0.00675EPSS
Exploits0References1
NVD
NVD
added 2021/11/30 9:15 p.m.18 views

CVE-2021-36329

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...

6.5CVSS0.00675EPSS
Exploits0References1
Prion
Prion
added 2021/11/30 9:15 p.m.13 views

Design/Logic Flaw

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...

4CVSS6.6AI score0.00675EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/11/30 8:40 p.m.41 views

CVE-2021-36329

CVE-2021-36329 affects Dell EMC Streaming Data Platform prior to 1.3, where an Indirect Object Reference vulnerability could let a remote attacker obtain sensitive information. Multiple sources corroborate the impact as disclosure of information via indirect access. The vulnerability is documente...

6.5CVSS6.6AI score0.00675EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/30 8:40 p.m.21 views

CVE-2021-36329

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...

6.5CVSS6.8AI score0.00675EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/30 12:0 a.m.5 views

Dell Emc Streaming Data Platform 安全漏洞

Dell Emc Streaming Data Platform is a Dell platform for ingesting, storing and analyzing continuous streaming data in real time. A security vulnerability exists in the Dell Emc Streaming Data Platform that originates from the inclusion of an indirect object reference, which can be exploited by an...

6.5CVSS5.6AI score0.00675EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/11/19 12:0 a.m.3 views

CVE-2021-36329

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information...

6.5CVSS6.7AI score0.00675EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/10/25 12:0 a.m.4 views

CVE-2021-41305

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References IDOR vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version...

7.5CVSS7.2AI score0.0117EPSS
Exploits0References2
NVD
NVD
added 2020/06/04 4:15 p.m.23 views

CVE-2020-13815

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference...

7.5CVSS7.5AI score0.0153EPSS
Exploits0References1
Rows per page
Query Builder