
4456 matches found

UbuntuCve
added 2021/10/05 2:15 p.m., 28 views

CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...

CVSS 4.3, AI score 5.9, EPSS 0.00806
Exploits 0, References 4
Debian CVE
added 2021/10/05 1:43 p.m., 21 views

CVE-2021-39889

Removed by vendor...

CVSS 4.3, AI score 5.8, EPSS 0.00806
Exploits 0
Positive Technologies
added 2021/10/05 12:0 a.m., 3 views

PT-2021-22735 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.1 and later Description: The issue is related to an insecure direct object reference vulnerability. An endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the...

CVSS 4.3, AI score 4.1, EPSS 0.00806
Exploits 0, References 11
OSV
added 2021/10/04 2:15 p.m., 3 views

CVE-2021-37777

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference IDOR. Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...

CVSS 7.5, AI score 6.9, EPSS 0.01648
Exploits 1, References 1
NVD
added 2021/10/04 2:15 p.m., 9 views

CVE-2021-37777

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference IDOR. Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...

CVSS 7.5, EPSS 0.01648
Exploits 1, References 1
Prion
added 2021/10/04 2:15 p.m., 16 views

Information disclosure

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference IDOR. Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...

CVSS 5, AI score 7.2, EPSS 0.01648
Exploits 1, References 1, Affected Software 1
CVE
added 2021/10/04 1:40 p.m., 44 views

CVE-2021-37777

The CVE-2021-37777 entry concerns Gila CMS 2.2.0, where an Insecure Direct Object Reference allows information disclosure. The issue arises via thumbnail access: thumbnails uploaded by one site owner can be accessed by another site owner by knowing the site name and fuzzing for image names. This ...

CVSS 7.5, AI score 7.2, EPSS 0.01648
Exploits 1, References 1, Affected Software 1
Cvelist
added 2021/10/04 1:40 p.m., 16 views

CVE-2021-37777

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference IDOR. Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...

AI score 7.5, EPSS 0.01648
Exploits 1, References 1
CNNVD
added 2021/10/04 12:0 a.m., 3 views

GitLab Enterprise Edition information disclosure vulnerability

GitLab Enterprise Edition is a content management system GitLab is a self-hosted Git version control system project repository application developed by GitLab, Inc. using Ruby on Rails. The program can be used to access the contents of a project's files, commit history, bug lists, and more. An...

CVSS 4.3, AI score 5.1, EPSS 0.00806
Exploits 0, References 4
Packet Storm
added 2021/10/04 12:0 a.m., 255 views

College Management System 1.0 Insecure Direct Object Reference

Exploit Title: college management system - Add admin Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version: 1.0 Teste...

AI score 7.4
Exploits 0
CNVD
added 2021/09/28 12:0 a.m., 17 views

WordPress plugin uListing insecure direct object reference vulnerability

WordPress plugin uListing is a directory and listing plugin based on Vue.js. WordPress plugin uListing 2.0.5 and earlier versions are vulnerable to an insecure direct object reference vulnerability. No detailed vulnerability details are currently available...

CVSS 8.8, AI score 3.2, EPSS 0.01064
Exploits 1, References 1
0day.today
added 2021/09/28 12:0 a.m., 237 views

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download Vulnerability

Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download Unauthenticated Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download Vendor: FatPipe Networks Inc. Product web page:...

AI score 7.4
Exploits 0
CNNVD
added 2021/09/27 12:0 a.m., 8 views

WordPress plugin cross-site scripting vulnerability

WordPress plugin uListing is a directory and listing plugin based on Vue.js. WordPress plugin uListing 2.0.5 and earlier versions are vulnerable to an insecure direct object reference vulnerability. No detailed vulnerability details are currently available...

CVSS 8.8, AI score 7.9, EPSS 0.01064
Exploits 1, References 3
OpenVAS
added 2021/09/22 12:0 a.m., 16 views

ownCloud Insecure Direct Object Reference Vulnerability (oC-SA-2016-010)

ownCloud is prone to an insecure direct object reference vulnerability in the Gallery app. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

CVSS 5.9, AI score 5.8, EPSS 0.01171
Exploits 0, References 1
OpenVAS
added 2021/09/21 12:0 a.m., 12 views

OpenEMR <= 7.0.0 IDOR Vulnerability

OpenEMR is prone to an insecure direct object reference IDOR vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5, AI score 6.4, EPSS 0.09709
Exploits 4, References 1
NVD
added 2021/09/14 11:15 a.m., 18 views

CVE-2021-40355

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The affected application contains Insecure Direct Object Reference IDOR vulnerability that allo...

CVSS 8.8, EPSS 0.00779
Exploits 0, References 1
Prion
added 2021/09/14 11:15 a.m., 16 views

Input validation

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The affected application contains Insecure Direct Object Reference IDOR vulnerability that allo...

CVSS 6.5, AI score 8.5, EPSS 0.00779
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/09/14 10:47 a.m., 16 views

CVE-2021-40355

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The affected application contains Insecure Direct Object Reference IDOR vulnerability that allo...

AI score 8.7, EPSS 0.00779
Exploits 0, References 1
CNNVD
added 2021/09/14 12:0 a.m., 3 views

Teamcenter code issue vulnerability

Siemens Teamcenter, a product lifecycle management computer software application from Siemens, Germany, is vulnerable to a code issue that results from an application containing an insecure direct object reference IDOR vulnerability that could be exploited by an attacker to directly access object...

CVSS 8.8, AI score 5.7, EPSS 0.00779
Exploits 0, References 2
0day.today
added 2021/09/10 12:0 a.m., 191 views

ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference

ECOA building automation systems suffer from authorization bypass and insecure direct object reference vulnerabilities. Many versions are affected. ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version...

AI score 0.4
Exploits 0