Lucene search
+L

1971 matches found

Packet Storm
Packet Storm
added 2018/09/13 12:0 a.m.57 views

Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference

Title: MULTIPLE IDOR VUNLERABILITies ON WISETAIL LEARNING ECOSYSTEM LE UPTO V4.11.6 Date: 12/09/2019 Author: S. M. Zia Ur Rashid Vendor Homepage: wisetail.com Author Contact: https://www.linkedin.com/in/ziaurrashid/ Affected Version: = 4.11.6 Assaigned CVE: CVE-2018-16970, CVE-2018-16971...

4.7AI score0.00733EPSS
Exploits3
CVE
CVE
added 2018/09/12 8:0 p.m.42 views

CVE-2018-16970

CVE-2018-16970 affects Wisetail Learning Ecosystem (LE) up to version 4.11.6, where an insecure direct object reference (IDOR) enables downloading non-purchased course files by modifying the id parameter. The connected PacketStorm entry corroborates multiple IDOR vulnerabilities affecting LE ≤ 4....

4.3CVSS4.6AI score0.00733EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2018/09/12 8:0 p.m.21 views

CVE-2018-16970

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...

4.6AI score0.00733EPSS
Exploits2References1
NVD
NVD
added 2018/09/10 1:29 p.m.19 views

CVE-2018-16608

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&userid=1, Insecure Direct Object Reference IDOR...

8.8CVSS8.8AI score0.01199EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/09/10 1:0 p.m.18 views

CVE-2018-16608

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&userid=1, Insecure Direct Object Reference IDOR...

8.9AI score0.01199EPSS
Exploits1References1
CVE
CVE
added 2018/09/07 5:0 p.m.40 views

CVE-2018-16704

CVE-2018-16704 affects Gleez CMS v1.2.0. The issue is an Insecure Direct Object Reference that allows authenticated users to view the profile page of other users, demonstrated by accessing /user/3 on demo.gleezcms.org. This is a user-authorization bypass that could expose profile details to other...

4.3CVSS4.5AI score0.00772EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/09/06 4:29 p.m.19 views

CVE-2018-16606

In ProConf before 6.1, an Insecure Direct Object Reference IDOR allows any author to view and grab all submitted papers Title and Abstract and their authors' personal information Name, Email, Organization, and Position by changing the value of Paper ID the pid parameter...

6.5CVSS6.4AI score0.05949EPSS
Exploits3References2
CVE
CVE
added 2018/09/06 4:0 p.m.34 views

CVE-2018-16606

CVE-2018-16606 is an IDOR flaw in ProConf prior to 6.1 that lets any author view all submitted papers (titles/abstracts) and associated authors’ personal information (name, email, organization, position) by altering the Paper ID (pid parameter). Exploitation details in the sources show a PoC wher...

6.5CVSS6.3AI score0.05949EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2018/09/06 4:0 p.m.22 views

CVE-2018-16606

In ProConf before 6.1, an Insecure Direct Object Reference IDOR allows any author to view and grab all submitted papers Title and Abstract and their authors' personal information Name, Email, Organization, and Position by changing the value of Paper ID the pid parameter...

6.4AI score0.05949EPSS
Exploits3References2
Prion
Prion
added 2018/08/26 5:29 p.m.17 views

Design/Logic Flaw

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference IDOR via the Poll ID, leading to the ability of a single user to select multiple Poll Options e.g., vote for multiple items...

4CVSS4.7AI score0.00878EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2018/08/26 5:29 p.m.17 views

CVE-2018-15833

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference IDOR via the Poll ID, leading to the ability of a single user to select multiple Poll Options e.g., vote for multiple items...

4.3CVSS4.7AI score0.00878EPSS
Exploits0References4
CVE
CVE
added 2018/08/26 5:0 p.m.45 views

CVE-2018-15833

In Vanilla Forums, versions before 2.6.1 are affected by an IDOR issue in the polling feature. The vulnerability arises because the Poll ID can be manipulated, allowing a single user to select multiple poll options (voting for multiple items). The impact is the unintended multiple-option voting w...

4.3CVSS4.6AI score0.00878EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2018/08/23 12:0 a.m.102 views

OSCAR EMR 15.21beta361 XSS / Disclosure / CSRF / Insecure Direct Object Reference

Title: Multiple vulnerabilities in OSCAR EMR Product: OSCAR EMR Vendor: Oscar McMaster Tested version: 15.21beta361 Remediation status: Unknown Reported by: Brian D. Hysell ----- Product Description: "OSCAR is open-source Electronic Medical Record EMR software that was first developed at McMaster...

7.5CVSS0.96121EPSS
Exploits4
Hacker One
Hacker One
added 2018/08/06 9:9 p.m.16 views

Yelp: I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)

@hk755a found an Insecure Direct Object Reference IDOR Vulnerability that allowed an attacker to pay with someone else's registered credit card, while ordering food with Grubhub through the /checkout/transactionplatform endpoint. No credit card information was disclosed as a result of this...

1.6AI score
Exploits0
Hacker One
Hacker One
added 2018/07/30 5:57 p.m.19 views

U.S. Dept Of Defense: ████ █████ exposes highly sensitive information to public

Summary: www.██████ is a system used by ██████ for vendors to upload details of their technology for review by ███. Due to an insecure direct object reference vulnerability, all vendor uploads are accessible to the public, without authentication. This includes Unclass//FOUO documents, documents...

6.7AI score
Exploits0
Prion
Prion
added 2018/07/13 6:29 p.m.16 views

Design/Logic Flaw

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize will deserialize user-controlled types in the line "currentType = Type.GetTypenodeEvent.Tag.Substring1, throwOnError: false;" and blindly instantiates...

6.8CVSS7.7AI score0.01469EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/07/13 6:29 p.m.16 views

CVE-2018-1000210

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize will deserialize user-controlled types in the line "currentType = Type.GetTypenodeEvent.Tag.Substring1, throwOnError: false;" and blindly instantiates...

7.8CVSS7AI score
Exploits0References2
CVE
CVE
added 2018/07/13 6:0 p.m.77 views

CVE-2018-1000210

YamlDotNet versions 4.3.2 and earlier contain an Insecure Direct Object Reference vulnerability in Deserializer.Deserialize(), which can blindly instantiate user-controlled types via currentType = Type.GetType(...). This can enable code execution in the running process when parsing specially craf...

7.8CVSS7.6AI score0.01469EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2018/06/30 12:0 a.m.114 views

TP-Link TL-WR841N V13 Insecure Direct Object Reference Vulnerability

Exploit for hardware platform in category web applications Vulnerability: Broken Authentication Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Overview An attacker that can send HTTP...

0.1AI score0.02859EPSS
Exploits2
Packet Storm
Packet Storm
added 2018/06/28 12:0 a.m.36 views

TP-Link TL-WR841N V13 Insecure Direct Object Reference

Vulnerability: Broken Authentication Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Risk: High Vendor Contacted: 05/20/2018 Vendor Fix: Issue was independently fixed in previous...

9.7AI score0.02859EPSS
Exploits2
Rows per page
Query Builder