SUSE-SU-2022:3676-1 Security update for grafana

This update for grafana fixes the following issues: Updated to version 8.5.13 jscPED-2145, jscSLE-23439, jscSLE-23422, jscSLE-24565: - CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation bsc1203596. - CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is us...

Adobe Commerce 输入验证错误漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an input validation error vulnerability that stems from incorrect input validation. An authenticated attacker can trigger an insecure...

SolarWinds Platform 安全漏洞

SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. A security vulnerability exists in SolarWinds Platform version 2022.3 and prior versions that stems from an insecure direct object reference IDOR. An attacker with node...

CVE-2022-41479

The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

Design/Logic Flaw

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab CE/EE versions 14.5 through 15.1.6,...

CVE-2022-3331

Removed by vendor...

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

PT-2022-21762 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.5 through 15.1.5 GitLab EE versions 15.2 through 15.2.3 GitLab EE versions 15.3 through 15.3.1 Description: An issue has been discovered in GitLab EE's Zentao integration, which has an insecure direct object reference th...

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

CVE-2022-42067

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...

Design/Logic Flaw

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...

CVE-2022-42067

CVE-2022-42067 concerns an Insecure Direct Object Reference (IDOR) vulnerability in the Online Birth Certificate Management System version 1.0. The available documents identify the affected product and vulnerability class but do not provide deeper root-cause details, exploit vectors, or explicit ...

CVE-2022-42067

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...

CVE-2022-2828

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference IDOR vulnerability...

Design/Logic Flaw

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference IDOR vulnerability...

PT-2022-18934 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue allows revealing information about teams via the API due to an Insecure Direct Object Reference IDOR vulnerability. Recommendations: At the moment, there is no information...

Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...