4460 matches found
CVE-2018-19575
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...
CVE-2018-19575
CVE-2018-19575 affects GitLab CE/EE: versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 are vulnerable to an insecure direct object reference that allows a user to comment on a locked issue. Root cause is an insecure direct object reference in issue commenting log...
CVE-2018-19575
Removed by vendor...
CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...
CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...
Design/Logic Flaw
In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...
CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...
CVE-2019-13461
PrestaShop
CVE-2019-12866
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168...
CVE-2019-12866
CVE-2019-12866 affects JetBrains YouTrack and is described as an Insecure Direct Object Reference with Authorization Bypass via a user-controlled key. The issue was fixed in YouTrack version 2018.4.49168 (per JetBrains) and is reflected in multiple sources (NVD/Red Hat/CVE listings). The NVD CVSS...
PRODSECBUG-2429: Insecure object reference via customer REST API
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
CVE-2019-12742
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference a modified username POST parameter...
Default credentials
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference a modified username POST parameter...
CVE-2019-12742
Bludit prior to 3.9.1 is affected. A vulnerability in bl-kernel/admin/controllers/user-password.php allows a non-privileged user to change the password of any account (including admin) via an insecure direct object reference using a modified username POST parameter. Affected: Bludit content manag...
CVE-2019-12742
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference a modified username POST parameter...
Google Chrome 73.0.3683.103 - WasmMemoryObject::Grow Use-After-Free Exploit
Google Chrome 73.0.3683.103 - WasmMemoryObject::Grow Use-After-Free Exploit memoryobject, uint32t pages ... Handle newbuffer; if oldbuffer-isshared // Adjust protections for the buffer. if !AdjustBufferPermissionsisolate, oldbuffer, newsize return -1; void backingstore = oldbuffer-backingstore; i...
SOCA Access Control System 180612 - Information Disclosure
Exploit for php platform in category web applications SOCA Access Control System 180612 Information Disclosure Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and fingerprint...
CVE-2019-6716
An unauthenticated Insecure Direct Object Reference IDOR in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs backup and synchronization jobs, which could...
Cross site request forgery (csrf)
An unauthenticated Insecure Direct Object Reference IDOR in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs backup and synchronization jobs, which could...
CVE-2019-6716
An unauthenticated Insecure Direct Object Reference IDOR in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs backup and synchronization jobs, which could...