4469 matches found
Insecure Direct Object Reference (IDOR)
oqtane.framework is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability, caused by insufficient authorization checks in Oqtane.Controllers.UserController, allows attackers to manipulate the id parameter to access sensitive information belonging to other users...
CVE-2024-52294 khoj has an IDOR in subscription management that allows unauthorized subscription modifications
Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...
Khoj security vulnerability
Khoj is an open source application from Khoj AI. It creates ready-to-use personal AI agents for its users. A security vulnerability exists in Khoj versions prior to 1.29.10, stemming from an insecure direct object reference (IDOR) that allows any authenticated user t...
WordPress WooCommerce Point of Sale plugin <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability
Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability discovered by Tonn in the WordPress plugin WooCommerce Point of Sale, versions <= 6.1.0...
GHSA-2HR5-CVWP-JR5W Oqtane Framework Insecure Direct Object Reference vulnerability
An IDOR Insecure Direct Object Reference vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
GHSA-HHCW-WWXV-G95C Oqtane Framework Insecure Direct Object Reference vulnerability
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
CVE-2024-55471
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
CVE-2024-55186
An IDOR (Insecure Direct Object Reference) vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
CVE-2024-12014 Path Traversal vulnerability in eSignaViewer Allow Unauthorized File Access
A Path Traversal vulnerability in the eSignaViewer component of eSigna, product versions 1.0 to 1.5 on all platforms, allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers...
CVE-2024-12014
Summary: CVE-2024-12014 describes a path traversal and insecure direct object reference (IDOR) vulnerability in the eSignaViewer component of the eSigna product (versions 1.0–1.5) that allows an unauthenticated attacker to access arbitrary files in the document system by manipulating file paths a...
CVE-2024-55471
Summary: CVE-2024-55471 affects Oqtane Framework via an Insecure Direct Object Reference in Oqtane.Controllers.UserController, enabling unauthorized access to other users' data by tampering with the id parameter. Guidance is available across multiple sources; remediation is to upgrade to...
Oqtane Framework security vulnerability
Oqtane Framework is an open source content management system (CMS) and application framework from Oqtane Open Source. A security vulnerability exists in Oqtane Framework version 6.0.0, stemming from an insecure direct object reference that allows a logged-in user to access other users' messages ...
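The advisories above share one defect: the endpoint authenticates the caller and then resolves the target object from a client-supplied identifier (a user id, a notification ID in the URL, an email parameter) without checking that the caller is allowed to act on that object. The following is an added example of that pattern, written for this page; it is not code from Oqtane, Khoj or any other listed project. The Notification and Session types, the sample inbox, the plan names and the handler names are all constructed for illustration.

```python
# Added example (not code from Oqtane, Khoj or any project listed above): the
# IDOR pattern the advisories describe, as a vulnerable handler beside its
# hardened form. Notification, Session, the sample inbox and the plan names
# are all constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Notification:
    id: int
    owner: str  # the only user who may read this message
    body: str


@dataclass(frozen=True)
class Session:
    user: str  # identity fixed at login; never taken from the request


class NotFound(Exception):
    """Single error for 'no such object' and 'not your object' (see below)."""


# Constructed sample data: two users, one private inbox message each.
INBOX: Dict[int, Notification] = {
    1: Notification(1, "alice", "alice's private message"),
    2: Notification(2, "bob", "bob's private message"),
}


def read_notification_vulnerable(session: Session, notification_id: int) -> str:
    """Authenticated, but the lookup is keyed only on the id the client sent,
    so any logged-in user can read any message (the notification-ID case)."""
    n = INBOX.get(notification_id)
    if n is None:
        raise NotFound
    return n.body


def read_notification_hardened(session: Session, notification_id: int) -> str:
    """Scope the lookup to the caller. 'Missing' and 'not yours' raise the
    same error so the endpoint cannot be used to enumerate valid ids."""
    n = INBOX.get(notification_id)
    if n is None or n.owner != session.user:
        raise NotFound
    return n.body


def update_subscription_vulnerable(plans: Dict[str, str], session: Session,
                                   email: str, plan: str) -> Dict[str, str]:
    """The target account comes from a request parameter (the email-parameter
    case), so an attacker changes someone else's plan by editing that field."""
    if email not in plans:
        raise NotFound
    return {**plans, email: plan}


def update_subscription_hardened(plans: Dict[str, str], session: Session,
                                 plan: str) -> Dict[str, str]:
    """Derive the target from the authenticated session; there is no
    client-controlled account selector left to tamper with."""
    return {**plans, session.user: plan}


def readable_ids(handler: Callable[[Session, int], str], session: Session,
                 candidate_ids: range) -> List[int]:
    """The check a tester runs: walk a range of ids as one user and record
    which ones the handler returns. Any id not owned by the caller is a finding."""
    found = []
    for i in candidate_ids:
        try:
            handler(session, i)
            found.append(i)
        except NotFound:
            pass
    return found


if __name__ == "__main__":
    bob = Session("bob")
    print("vulnerable:", readable_ids(read_notification_vulnerable, bob, range(1, 5)))
    print("hardened:  ", readable_ids(read_notification_hardened, bob, range(1, 5)))
```

Run as one user (here bob) against a short range of ids: the vulnerable handler returns both messages, the hardened one returns only bob's own. The same fix applies to the subscription case, where the hardened handler simply has no email parameter to manipulate. Returning a single NotFound for both "missing" and "not yours" keeps the hardened endpoint from leaking which ids exist.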