4448 matches found
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Advisory Information ===================== Vendor: Brickcom Corporation CVE-Number: N/A Advisory-URL: http://www.orwelllabs.com/2016/04/Brickcom-Multiple-Vulnerabilities.html OLSA-ID: OLSA-2015-12-12 Impact: High especially because some ...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
Security Advisory 2016-04-03 www.orwelllabs.com Twitter:@orwelllabs magicword: d0ubl3th1nk1ng... Overview ======= Technical Risk: high Likelihood of Exploitation: medium Vendor: PQI...
Bumble: Insecure Direct Object Reference on badoo.com
Hi, I want to report IDOR (Insecure Direct Object Reference) vulnerability to you. IDOR Details are here: https://www.owasp.org/index.php/Top_10_2010-A4-Insecure_Direct_Object_References https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29 As the pages say: Insecur...
Veris: Insecure Direct 'org-visitor-log' References
The particular issue was related to Insecure Direct Object Reference vulnerability where a particular API was not included in the main permission sets. So the enumeration attacks could be executed...
Veris: Insecure Direct Member Disclosure
The particular issue was related to Insecure Direct Object Reference vulnerability where a particular API was not included in the main permission sets. So the enumeration attacks could be executed...
New Relic: Normal user can set "Job title" of other users by Direct Object Reference
A normal user, when logged in to "New Relic" and navigating to the "Account Settings" page, can only set his/her own Job title. All other users' Job title selections are not available. But using a proxy tool like Burp Suite, while changing his own job role, if he replaces his own ID with any other use...
Veris: Critical - Insecure Direct Object Reference - Deleting any member of any organization remotely
Hello Team, I have found an extremely critical issue with the help of which an attacker can delete any member of any organization. The vulnerability is Insecure Direct Object Reference (IDOR) which leads to privilege escalation as an attacker can perform such a critical attack from his own account...
perfact::mpa Insecure Direct Object Reference
Advisory ID: SYSS-2015-069 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
Advisory ID: SYSS-2015-064 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Versions: 9.0.2 Tested Versions: 9.0.2 Vulnerability Type: Insecure Direct Object Reference (CWE-932) Risk Level: Medium Solution Status: Fixed...
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
Advisory ID: SYSS-2015-059 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Versions: 9.0.2 Tested Versions: 9.0.2 Vulnerability Type: Insecure Direct Object Reference (CWE-932) Risk Level: Medium Solution Status: Fixed...
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
Advisory ID: SYSS-2015-058 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Versions: 9.0.2 Tested Versions: 9.0.2 Vulnerability Type: Insecure Direct Object Reference (CWE-932) Risk Level: Medium Solution Status: Fixed...
Chamilo LMS Insecure Direct Object Reference
Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability...
Chamilo LMS IDOR - (messageId) Delete Post Vulnerability
Document Title: =============== Chamilo LMS IDOR - messageId Delete Post Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability Laboratory...
ProjectSend r582 - Multiple Vulnerabilities
Advisory ID: SGMA-16001 Title: ProjectSend multiple vulnerabilities Product: ProjectSend (previously cFTP) Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object...
ProjectSend r582 - Multiple Vulnerabilities
Advisory ID: SGMA-16001 Title: ProjectSend multiple vulnerabilities Product: ProjectSend (previously cFTP) Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference Risk level: 4 / 5 Credit:...
ProjectSend r582 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: ProjectSend multiple vulnerabilities Product: ProjectSend (previously cFTP) Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference Risk...
Atlassian Confluence XSS and Insecure Direct Object Reference Vulnerabilities
Atlassian Confluence is prone to cross site scripting and insecure direct object reference vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities
Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product...