
4447 matches found

NVD
added 2014/02/26 1:29 a.m. | 10 views

CVE-2014-0839

IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference...

CVSS: 4 | AI score: 6 | EPSS: 0.00842
Exploits: 1 | References: 2

Prion
added 2014/02/26 1:29 a.m. | 15 views

Design/Logic Flaw

IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference...

CVSS: 4 | AI score: 6.5 | EPSS: 0.00842
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2014/02/25 9:00 p.m. | 41 views

CVE-2014-0839

CVE-2014-0839 affects IBM Rational Focal Point 6.x (specifically 6.4.x and 6.5.x before 6.5.2.3, and 6.6.x before 6.6.1). The issue is a direct object reference that allows remote authenticated users to modify data via targeted vectors. Impact is data modification; no exploitation details are pro...

CVSS: 4 | AI score: 6.1 | EPSS: 0.00842
Exploits: 1 | References: 2 | Affected Software: 1

securityvulns
added 2014/02/03 12:00 a.m. | 70 views

Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail

These vulnerabilities allow for a complete takeover, giving full administrative access as well as remote shells on the servers that they are installed on. Each of these suffers from Insecure Direct Object Reference vulnerabilities. Due to the details of the attack and screenshots, they can be fou...

AI score: 2.1
Exploits: 0

NVD
added 2012/10/06 9:55 p.m. | 12 views

CVE-2012-1565

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.02031
Exploits: 0 | References: 7

Prion
added 2012/10/06 9:55 p.m. | 9 views

Design/Logic Flaw

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference...

CVSS: 7.5 | AI score: 7 | EPSS: 0.02031
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2012/10/06 9:00 p.m. | 15 views

CVE-2012-1565

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference...

AI score: 6.4 | EPSS: 0.02031
Exploits: 0 | References: 7

CVE
added 2012/10/06 9:00 p.m. | 56 views

CVE-2012-1565

Technical details and affected versions are not publicly available in the provided documents. Monitor for updates from official advisories.

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.02031
Exploits: 0 | References: 7 | Affected Software: 1

Packet Storm
added 2010/09/21 12:00 a.m. | 38 views

Tuenti.com Insecure Direct Object Reference

============================================= INTERNET SECURITY AUDITORS ALERT 2010-008 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4/10 CVSSv2 Base Scored ============================================= I...

AI score: 7.4
Exploits: 0

Prion
added 2010/09/14 5:00 p.m. | 14 views

Directory traversal

Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecur...

CVSS: 4 | AI score: 6.5 | EPSS: 0.01292
Exploits: 2 | References: 2 | Affected Software: 1

securityvulns
added 2010/09/14 12:00 a.m. | 63 views

MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability

Security Advisory: MVSA-10-008 / CVE-2010-0154 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: Insecure Direct Object Reference Risk: Medium Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-008...

CVSS: 4 | AI score: 0.6 | EPSS: 0.01292
Exploits: 2

Packet Storm
added 2010/09/14 12:00 a.m. | 41 views

Proventia Network Mail Security System Insecure Direct Object Reference

Security Advisory: MVSA-10-008 / CVE-2010-0154 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: Insecure Direct Object Reference Risk: Medium Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-008...

CVSS: 4 | AI score: 6.7 | EPSS: 0.01292
Exploits: 2

seebug.org
added 2010/06/09 12:00 a.m. | 173 views

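Perl Safe Module Object Reference Security Restriction Bypass Vulnerability

BUGTRAQ ID: 40302 CVECAN ID: CVE-2010-1168,CVE-2010-1974 Perl is a free and powerful programming language. The Safe module used in Perl does not properly restrict the code of methods such as DESTROY and AUTOLOAD on implicitly blessed objects; when these objects are accessed or freed, Safe may execute those methods without restriction. A specially crafted Perl script executed inside a Safe compartment can use this vulnerability to bypass the intended Safe module restrictions. Perl 5.12.1 Vendor patch: Larry Wall ---------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...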

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.03833
Exploits: 2

Packet Storm
added 2010/02/25 12:00 a.m. | 26 views

Article Friendly Local File Inclusion

======================================================================= Article friendly Insecure direct object Reference Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected] company...

AI score: 0.1
Exploits: 0

Saint
added 2009/04/20 12:00 a.m. | 35 views

Microsoft PowerPoint invalid object reference vulnerability

Added: 04/20/2009 CVE: CVE-2009-0556 BID: 34351 OSVDB: 53182 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability in Microsoft PowerPoint allows command execution when an invalid object is referenced...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.67539
Exploits: 5

Saint
added 2009/04/20 12:00 a.m. | 26 views

Microsoft PowerPoint invalid object reference vulnerability

Added: 04/20/2009 CVE: CVE-2009-0556 BID: 34351 OSVDB: 53182 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability in Microsoft PowerPoint allows command execution when an invalid object is referenced...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.67539
Exploits: 5

seebug.org
added 2009/02/26 12:00 a.m. | 107 views

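Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability

BUGTRAQ ID: 33880 CVECAN ID: CVE-2009-0520 Flash Player is a very popular Flash player. When processing Shockwave Flash files, Flash Player attempts to create a particular object and multiple references pointing to that object, then frees the object and removes the associated references, but a reference may incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, and an attacker can control that memory region to gain control of execution. Adobe Flash Player 10.x Vendor patch: Adobe ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...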

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.28484
Exploits: 1

securityvulns
added 2009/02/25 12:00 a.m. | 113 views

iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 02.24.09 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 24, 2009 I. BACKGROUND Adobe Flash Player is a very popular web browser plugin. It is available for multiple web browsers and platforms, including Windows,...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.28484
Exploits: 1

Prion
added 2008/10/23 10:00 p.m. | 26 views

Out-of-bounds

The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.03081
Exploits: 1 | References: 10 | Affected Software: 4

RedHat Linux
added 2008/07/16 12:57 p.m. | 2 views

mozilla: CSS reference counter overflow (ZDI-CAN-349)

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code vi...

CVSS: 9.3 | AI score: 6.3 | EPSS: 0.05284
Exploits: 1 | References: 4