4468 matches found
CVE-2024-5166 Insecure Direct Object Reference In Looker
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model...
CVE-2024-5166
An Insecure Direct Object Reference (IDOR) affects Google Cloud Looker, allowing metadata exposure across authenticated Looker users who share the same LookML model. The CVE-2024-5166 entry states a CVSS v3.1 base score of 6.5 (Medium) with Confidentiality Impact: High and Impact on Integrity/Ava...
Google Cloud Looker 安全漏洞
Google Cloud Looker is an online tool used by Google, Inc. to transform data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from the presence of an unsafe direct object reference issue...
PT-2024-34804 · Google Cloud · Looker
Name of the Vulnerable Software and Affected Versions: Looker versions affected versions not specified Description: An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model. Recommendations: At the momen...
Insecure Direct Object Reference (IDOR) / Weak Encryption
nzo/url-encryptor-bundle is vulnerable to a Insecure Direct Object Reference IDOR. This vulnerability is due to a lack of mandatory key and initialization vector IV requirements, which makes the aes-256-ctr algorithm susceptible to malleability attacks. It allows attackers to decrypt and modify...
Insecure Direct Object Reference (IDOR)
org.bonitasoft.engine, bonita-server is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to the absence of dynamic permissions, which previously existed only in the Subscription edition and were not customizable in the Community edition...
CVE-2024-4279
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...
CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...
CVE-2024-4279
Summary: CVE-2024-4279 affects Tutor LMS – eLearning and online course solution for WordPress. An insecure direct object reference vulnerability exists in the tutor_course_delete function caused by missing validation on a user-controlled key, enabling an authenticated attacker with Instructor-lev...
CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...
WordPress Tutor LMS plugin <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion vulnerability
Authenticated Instructor+ Insecure Direct Object Reference to Arbitrary Course Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions = 2.7.0...
PT-2024-26226 · Eramba · Eramba
Name of the Vulnerable Software and Affected Versions: Eramba Community versions prior to 3.22.0 Description: A bug was found in the /attachments/attachments/download/ API endpoint, allowing arbitrary file download due to a lack of user permission checks. This issue is related to an Insecure Dire...
Bonitasoft 安全漏洞
Bonitasoft is an open source BPM software from Bonitasoft. Bonitasoft has a security vulnerability that stems from a lack of dynamic permissions, which leads to an IDOR vulnerability...
PT-2024-22255 · Bonitasoft · Bonitasoft Runtime Community Edition
Name of the Vulnerable Software and Affected Versions: Bonitasoft runtime Community edition affected versions not specified Description: The issue is related to the lack of dynamic permissions in the Community edition of Bonitasoft runtime, which causes an Insecure Direct Object Reference IDOR...
Tutor LMS – eLearning and online course solution < 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. Thi...
CVE-2024-33818
Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference IDOR via the userID parameter...
Globitel SpeechLog Analytics 安全漏洞
Globitel SpeechLog Analytics is a speech analysis module from Globitel. A security vulnerability exists in Globitel SpeechLog Analytics version v8.1, which stems from the discovery of an insecure direct object reference IDOR contained via the userID parameter...
BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment
Description The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...
BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment
Description The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request PoC POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...
CVE-2024-33818
Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference IDOR via the userID parameter...