Lucene search
+L

960 matches found

CVE
CVE
added 2021/09/27 3:32 p.m.57 views

CVE-2021-36874

Summary of CVE-2021-36874 : Affected product is WordPress plugin uListing ≤ 2.0.5. The vulnerability is an Authenticated Insecure Direct Object Reference (IDOR) , allowing an authenticated user to access/modify listing data via IDOR endpoints (e.g., publish, feature, delete listings). Root cause ...

8.8CVSS7.8AI score0.01064EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/09/27 3:32 p.m.28 views

CVE-2021-36874 WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References IDOR vulnerability in WordPress uListing plugin versions = 2.0.5...

7.1CVSS8.9AI score0.01064EPSS
Exploits1References2
OSV
OSV
added 2021/08/30 6:15 p.m.3 views

CVE-2021-22023

The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...

7.2CVSS7.3AI score0.00999EPSS
Exploits1References1
OSV
OSV
added 2021/08/09 10:15 a.m.5 views

CVE-2021-24500

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...

8.1CVSS7.4AI score0.00646EPSS
Exploits2References2
Prion
Prion
added 2021/08/09 10:15 a.m.15 views

Cross site request forgery (csrf)

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...

5.8CVSS8AI score0.00646EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/08/09 12:0 a.m.5 views

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Workreap theme versions prior to 2.2.2 that stems from...

8.1CVSS7.6AI score0.00646EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/07/27 12:0 a.m.22 views

WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References IDOR vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

8.8CVSS2.8AI score0.01064EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/02 12:0 a.m.17 views

Workreap < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Several AJAX actions available in the theme lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary object...

5.8CVSS3.5AI score0.00646EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2021/07/02 12:0 a.m.23 views

WordPress Workreap premium theme <= 2.2.1 - Multiple Cross-Site Scripting (CSRF) + Insecure Direct Object References (IDOR) vulnerabilities

Multiple Cross-Site Scripting CSRF + Insecure Direct Object References IDOR vulnerabilities discovered by Harald Eilertsen Jetpack in WordPress Workreap premium theme versions = 2.2.1. Solution Update the WordPress Workreap premium theme to the latest available version at least 2.2.2...

8.1CVSS1.1AI score0.00646EPSS
Exploits2References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/07/02 12:0 a.m.25 views

Atlassian Jira < 8.5.10 Insecure Direct Object References

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10 or 8.6.x 8.13.2. It is, therefore, affected by an Insecure Direct Object References IDOR vulnerability allowing remote attackers to view the metadata of boards they...

4.3CVSS5.1AI score0.012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/02 12:0 a.m.20 views

Atlassian Jira 8.6.x < 8.13.2 Insecure Direct Object References

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10 or 8.6.x 8.13.2. It is, therefore, affected by an Insecure Direct Object References IDOR vulnerability allowing remote attackers to view the metadata of boards they...

4.3CVSS5.1AI score0.012EPSS
Exploits0References2
wpexploit
wpexploit
added 2021/07/02 12:0 a.m.194 views

Workreap < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Several AJAX actions available in the theme lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary object...

5.8CVSS0.6AI score0.00646EPSS
Exploits2References1
Debian CVE
Debian CVE
added 2021/06/24 1:26 p.m.35 views

CVE-2021-23995

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

8.8CVSS7.9AI score0.01214EPSS
Exploits0
Packet Storm
Packet Storm
added 2021/06/14 12:0 a.m.230 views

Accela Civic Platform 21.1 Insecure Direct Object Reference

Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References IDOR Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE: CVE-2021-34369...

6.6AI score0.08236EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.259 views

Accela Civic Platform 21.1 - &#039;contactSeqNumber&#039; Insecure Direct Object References (IDOR)

Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References IDOR Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE: CVE-2021-34369...

6.5CVSS6.5AI score0.08236EPSS
Exploits4
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/05/14 5:11 a.m.134 views

Echelon PII Leak and Disclosure Fail

Echelon Echelon Fitness is a competitor to companies such as Peloton. You buy the hardware, quickly assemble it, buy a subscription, use a built-in or external smart device and you do your exercise thing! However, their API had significantly worse security flaws than those we found in Peloton...

6.6AI score
Exploits0
Patchstack
Patchstack
added 2021/03/30 12:0 a.m.10 views

WordPress Realteo premium plugin <= 1.2.3 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References IDOR vulnerability discovered by m0ze in WordPress Realteo premium plugin versions = 1.2.3. Solution Update the WordPress Realteo premium plugin to the latest available version at least 1.2.4...

3.3AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/03/29 12:0 a.m.20 views

WordPress Listeo premium theme <= 1.6.07 - Authenticated Multiple Insecure Direct Object References (IDOR) vulnerabilities

Multiple Insecure Direct Object References IDOR vulnerabilities discovered by m0ze Patchstack Red Team in the WordPress Listeo premium theme versions = 1.6.07. Solution Update the WordPress Listeo premium theme to the latest available version at least 1.6.11...

2.9AI score
Exploits0References1Affected Software1
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.249 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Improper Access Control (IDOR)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/23 10:46 a.m.161 views

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...

7.8CVSS1.1AI score0.02328EPSS
Exploits0
Rows per page
Query Builder