4451 matches found
Vimeo: CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to `Videos` of Channel whose privacy is set to `Private`.
Hello, this time I found an IDOR (Insecure Direct Object Reference) vulnerability. It allows an attacker to get unauthorized access to Videos of Channel whose privacy is set to Only moderators and people I choose without being a member. In simple words, we can access videos of a private channel without...
CVE-2014-8372
AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 FP3 allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference...
Design/Logic Flaw
AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 FP3 allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference...
CVE-2014-8372
Affected product: AirWatch by VMware On-Premise 7.3.x (prior to 7.3.3.0 FP3). Issue: Direct object reference enables remote authenticated users to view organizational information and statistics of other tenants. This is an information disclosure vulnerability in multi-tenant deployments. Root cau...
ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability
ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability EMC Identifier: ESA-2014-156 CVE Identifier: CVE-2014-4629 Severity Rating: CVSS v2 Base Score: 8.2 AV:N/AC:M/Au:S/C:C/I:P/A:C Affected products: • All EMC...
CVE-2014-4629
EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference...
Design/Logic Flaw
EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference...
CVE-2014-4629
EMC Documentum Content Server is affected by an Insecure Direct Object Reference (IDOR) vulnerability (CVE-2014-4629) in versions 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19. The issue allows remote authenticated attackers to read or delete arbitrary files via unspecified vectors. Remediation...
EMC Documentum Content Server Insecure Direct Object Reference (ESA-2014-156)
The remote host is running a version of EMC Documentum Content Server that is affected by an insecure direct object reference vulnerability, which allows a remote, authenticated attacker to potentially read or delete arbitrary files without authorization. © Tenable Network Security, Inc...
ZTE ZXDSL 831CII - Insecure Direct Object Reference
No description provided by source. Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct object reference...
ZTE ZXDSL 831CII - Insecure Direct Object Reference Vulnerability
Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure dire...
ZTE ZXDSL 831CII - Insecure Direct Object Reference
Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for...
ZTE ZXDSL 831CII Direct Object Reference
The modem usually serves HTML files and protects them with HTTP Basic authentication. However, the CGI files do not get this protection, so simply requesting any CGI file without authentication would give a remote attacker full access to the modem, which can then easily be used to root the modem...
ZTE ZXDSL 831CII - Insecure Direct Object Reference
ZTE ZXDSL 831CII - Insecure Direct Object Reference Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct obje...
ZTE ZXDSL 831CII Insecure Direct Object Reference
The modem usually serves HTML files and protects them with HTTP Basic authentication. However, the CGI files do not get this protection, so simply requesting any CGI file without authentication would give a remote attacker full access to the modem, which can then easily be used to root the modem...
Avolve Software ProjectDox Multiple Vulnerability Disclosure
Product: ProjectDox Vendor: Avolve Software Vulnerable Version: 8.1 Tested Version: 8.1 Vendor Notification: May 30, 2014 Public Disclosure: September 3, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...
MyFitnessPal App Patches Privacy Vulnerability
The details of a patched vulnerability in a popular mobile fitness application have been disclosed three months after a fix was released. The flaw could have allowed a user to fetch the personal profile of another registered app user. MyFitnessPal deployed a fix on June 26 for a privacy flaw in...