4455 matches found
1CRM 8.6.7 Insecure Direct Object Reference
Security Advisory ARA-2020-005: Insecure Direct Object Reference CVE-2020-15958 Affected Products and Environments Product: 1CRM =8.6.7, confirmed for CRBM System ENT-8.6.5, CRBM System ENT-8.6.6 and Startup+ Edition 8.5.15 Environments: All host environments Security Risk Severity: High CVSS v3:...
New Relic: IDOR - User is able to download charts/dashboards from cross accounts
@k3ne described an issue where a user on an account could access data concerning dashboards for another user on the same account. While this appeared to be a cross-account access issue, both users on the account have access to the same data by design...
Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API
An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate API parameter and gain access to user group of tenant of any other mysonicwall user account. CVE: N/A...
Online Shopping Alphaware 1.0 Insecure Direct Object Reference Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - 'Summary' Insecure Direct Object Reference Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Online Shopping Alphaware 1.0 Insecure Direct Object Reference
Exploit Title: Online Shopping Alphaware 1.0 - 'Summary' Insecure Direct Object Reference Authenticated Date: 2020-8-4 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Telerik UI for ASP.NET AJAX RadAsyncUpload Multiple Vulnerabilities
According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX is affected by multiple vulnerabilities in Telerik.Web.UI.dll : - An insecure direct object reference vulnerability due to user input used directly by RadAsyncUpload without modification or validation...
Lark Technologies: Messages disclosure via search feature of other users group(Cross-Tenant).
Due to a Insecure Direct Object Reference IDOR vulnerability identified within the message search function of Lark, an attacker could have potentially viewed messages, docs, and attachments shared in other users groups. We thank @base64 for reporting this to our team and verifying the resolution...
CVE-2020-13700
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...
Cross site request forgery (csrf)
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...
CVE-2020-13700
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...
Information Exposure
An issue was discovered in the acf-to-rest-api plugin for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and password values...
Insecure Direct Object Reference
github.com/gogs/gogs is vulnerable to insecure direct object reference. A remote attacker is able to configure and set the primary email address of other users on their behalf...
Revisiting old tools
Many, many years ago I was onsite and noticed that a company's internal website had checked out their website using the subversion code versioning system. This subversion archive contained the site's web.config which has a set of credentials for SQL server, which through many steps led to domain...
CVE-2020-13815
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference...
Design/Logic Flaw
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference...
CVE-2020-13815
CVE-2020-13815 affects Foxit Reader and PhantomPDF prior to version 9.7.1. The issue is a stack-consumption vulnerability caused by a loop over an indirect object reference in the affected PDF processing path. Impact, as described, is a memory/stack exhaustion scenario; no explicit exploitation d...
CVE-2020-13815
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference...
openSUSE Security Update : nextcloud (openSUSE-2020-670)
This update for nextcloud to 18.0.4 fixes the following issues : Security issues fixed : - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe device...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2020:0670-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0670-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...