CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

Design/Logic Flaw

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

CVE-2022-1881

CVE-2022-1881 affects Octopus Server, with an Insecure Direct Object Reference vulnerability that lets a user download Project Exports from a project they don’t have permission to access, limited to projects in the same Space. Practical impact is potential exposure of export data. Remediation gui...

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

Insecure Direct Object Reference

idno/known is vulnerable to Insecure Direct Object Reference. The vulnerable getContent and postContent functions in Homepage class in Homepage.php file allow remote authenticated attackers to gain access to certain settings of the admin panel due to the use of createGatekeeper inner function...

GHSA-4V4P-87M3-5423 Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

Known v1.3.1 contains Insecure Direct Object Reference

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev...

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

Design/Logic Flaw

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

CVE-2022-30852

Known v1.3.1 contains an Insecure Direct Object Reference (IDOR) in the Known CMS. The vulnerability arises from getContent()/postContent() in the Homepage class (Homepage.php), where createGatekeeper() enables unauthorized access to admin settings, effectively exposing admin-panel configuration ...

CVE-2022-30852

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference IDOR...

Known 安全漏洞

Known is a social publishing platform open-sourced by Known in the United States. A security vulnerability exists in Known v1.3.1 and below, which stems from the discovery of the inclusion of an unsafe direct object reference IDOR...

CrackQL - GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL...

CVE-2022-31883

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...

CVE-2022-31883

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...

CVE-2022-31883

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...

Design/Logic Flaw

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...

CVE-2022-31883

Marval MSM v14.19.0.12476 is affected by an Insecure Direct Object Reference (IDOR) vulnerability. A low-privilege user can view other users’ API keys, including Admins’ API keys. Root cause: IDOR flaw in the application’s handling of user/API key access. Impact stated in the provided sources is ...