CVE-2019-17604

An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...

Design/Logic Flaw

An Insecure Direct Object Reference IDOR vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information first name, last name, email, CV, phone number, and all other personal information by changing the value of the candidate id the id...

CVE-2019-17604

CVE-2019-17604 is an Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS up to 2019-10-15. An attacker can modify the id parameter to change other candidates’ personal information (e.g., first name, last name, email, CV, phone, etc.). The related Red Hat CVE-2019-17604 entry ...

Moneybird: IDOR in https://moneybird.com/user/accountant_company/edit(change company name)

Reporter found a way to change the name of an accountant company for which he didn't have permissions. We added extra checks to prevent these kind of Insecure Direct Object Reference bugs...

Input validation

An insecure direct object reference IDOR vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled...

WordPress Zoner Real Estate Theme 4.1.1 Cross Site Scripting

Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software Link:...

V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download

V-SOL GPON/EPON OLT Platform v2.03 Unauthenticated Configuration Download Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPO...

CVE-2019-14725

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account...

CVE-2019-14724

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account...

CVE-2019-14725

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account...

CVE-2019-14724

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account...

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account...

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account...

CVE-2019-14724

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account...

CVE-2019-14724

CVE-2019-14724 affects CentOS Web Panel version 0.9.8.851. The vulnerability is an insecure object reference that allows an attacker with an attacker account to edit the victim’s e‑mail forwarding destination. Root cause: improper access control on the object representing the e‑mail forwarding se...

CVE-2019-14725

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account...

PT-2019-13805 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to modify the e-mail usage value of a victim's account using their own account, due to an insecure object reference. Recommendations: For version 0.9.8.851, at the...

CVE-2019-14727

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account...

CVE-2019-14726

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account...

CVE-2019-14729

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account...