CVE-2020-29031

CVE-2020-29031 affects Secomea GateManager web UI. An Insecure Direct Object Reference allows an authenticated attacker to reset the password of any user in its domain or sub-domain via privilege escalation, impacting GateManager versions prior to 9.2c. The issue is evidenced across multiple sour...

CVE-2021-21022 Magento Commerce Incorrect permissions Could Lead To Unauthorized Access

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object reference IDOR in the product module. Successful exploitation could lead to unauthorized access to restricted resources...

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

PT-2021-2949 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to an insecure direct object reference IDOR in the product module, which could lead to unauthorized...

Adobe Magento 授权问题漏洞

Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...

CVE-2020-16194

An Insecure Direct Object Reference IDOR vulnerability was found in Prestashop Opart devis 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the deliveryaddress and invoiceaddress fields...

CVE-2020-16194

CVE-2020-16194 concerns an Insecure Direct Object Reference (IDOR) in Prestashop Opart devis versions before 4.0.2. Unauthenticated attackers can access any user’s invoice and delivery address by exploiting IDOR on the delivery_address and invoice_address fields. The vulnerability is documented a...

CVE-2021-26024

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

CVE-2021-26024

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

Design/Logic Flaw

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

CVE-2021-26024

Technical details about CVE-2021-26024 are not publicly provided in the supplied documents. Monitor for updates.

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in the Favorites component of Nagios XI 5.8.0 before 1.0.2, which stems fr...

Atlassian Jira Server and Data Center Access Control Error Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center that allows remote attackers to view metadata on boards...

Atlassian Jira Server and Data Center 输入验证错误漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center that allows remote attackers to view metadata on boards...

CVE-2020-29446

Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5...

Atlassian Fisheye and Crucible Information Disclosure Vulnerabilities

Atlassian Fisheye and Crucible are both products of Atlassian Australia.Atlassian Fisheye is a deep source code viewer.Crucible is a code review tool. A security vulnerability exists in Atlassian Fisheye and Atlassian Crucible, which can be exploited by an attacker to browse local files via an...

CVE-2021-21013 Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object vulnerability IDOR in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's accou...

CVE-2021-21012 Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object vulnerability IDOR in the checkout module. Successful exploitation could lead to sensitive information disclosure...