Lucene search
+L

124 matches found

redhatcve
redhatcve
added 2025/05/23 2:13 a.m.9 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.5CVSS6.2AI score0.00483EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 2:2 a.m.15 views

CVE-2023-33706

SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...

6.5CVSS6.8AI score0.00582EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 4:18 p.m.9 views

CVE-2020-13815

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference...

7.5CVSS6.9AI score0.0153EPSS
Exploits0
nvd
nvd
added 2024/10/28 7:15 p.m.17 views

CVE-2024-9825

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

5.4CVSS0.00267EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/10/28 6:42 p.m.10 views

CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

5.4CVSS6.8AI score0.00267EPSS
Exploits0References2
cvelist
cvelist
added 2024/10/28 6:42 p.m.24 views

CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference IDOR by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

5.4CVSS0.00267EPSS
Exploits0References2
cve
cve
added 2024/10/28 6:42 p.m.73 views

CVE-2024-9825

The CVE-2024-9825 entry concerns the Chef Habitat builder-api on-prem-builder package. It states that any version older than habitat/builder-api/10315/20240913162802 is vulnerable to an IDOR issue that allows unauthorized deletion of a personal token, with the vulnerability attributed to the buil...

5.4CVSS5.4AI score0.00267EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/10/28 12:0 a.m.4 views

Progress Chef Habitat 安全漏洞

Progress Chef Habitat is an open source solution from Progress, Inc. that provides automation capabilities for defining, packaging, and delivering applications to virtually any environment. Progress Chef Habitat has a security vulnerability that stems from susceptibility to Indirect Object...

5.4CVSS6.8AI score0.00267EPSS
Exploits0References2
osv
osv
added 2024/01/02 9:15 p.m.7 views

CVE-2023-45893

An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...

7.5CVSS5.8AI score0.00578EPSS
Exploits0References1
attackerkb
attackerkb
added 2024/01/02 9:15 p.m.5 views

CVE-2023-45893

An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...

7.5CVSS5.8AI score0.00578EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/01/02 12:0 a.m.14 views

CVE-2023-45893

An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...

6.9AI score0.00578EPSS
Exploits0References1
cvelist
cvelist
added 2024/01/02 12:0 a.m.20 views

CVE-2023-45893

An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information...

7.7AI score0.00578EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/12/11 12:0 a.m.7 views

PT-2023-29751 · Floorsight · Floorsight Customer Portal Q3 2023

Name of the Vulnerable Software and Affected Versions: Floorsight Customer Portal Q3 2023 Description: An indirect Object Reference IDOR in the Order and Invoice pages allows an unauthenticated remote attacker to view sensitive customer information. Recommendations: As a temporary workaround,...

7.5CVSS6.4AI score0.00578EPSS
Exploits0References6
osv
osv
added 2023/11/24 2:15 a.m.5 views

CVE-2023-33706

SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...

6.5CVSS5.8AI score0.00582EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2023/11/23 12:0 a.m.8 views

PT-2023-7273 · Sysaid · Sysaid

Name of the Vulnerable Software and Affected Versions: SysAid versions prior to 23.2.15 Description: The issue allows for Indirect Object Reference IDOR attacks, enabling unauthorized access to protected information. This can be achieved by modifying the sid parameter to EmailHtmlSourceIframe.jsp...

6.5CVSS6.6AI score0.00582EPSS
Exploits1References8
attackerkb
attackerkb
added 2023/10/26 3:15 p.m.4 views

CVE-2023-46449

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function...

8.8CVSS5.9AI score0.00756EPSS
Exploits2References3
nvd
nvd
added 2023/10/13 2:15 p.m.17 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.5CVSS6.1AI score0.00483EPSS
Exploits1References1
attackerkb
attackerkb
added 2023/10/13 2:15 p.m.4 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.5CVSS6.6AI score0.00483EPSS
Exploits1References2
osv
osv
added 2023/10/13 2:15 p.m.6 views

CVE-2023-45393

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

6.5CVSS5.8AI score0.00483EPSS
Exploits1References1
prion
prion
added 2023/10/13 2:15 p.m.13 views

Information disclosure

An indirect object reference IDOR in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...

4CVSS6.1AI score0.00483EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder