Search
Total
81 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45892 | 1 Floorsightsoftware | 1 Insight | 2024-01-08 | N/A | 7.5 HIGH |
| An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | |||||
| CVE-2023-45893 | 1 Floorsightsoftware | 1 Customer Portal | 2024-01-08 | N/A | 7.5 HIGH |
| An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | |||||
| CVE-2023-51503 | 1 Automattic | 1 Woopayments | 2024-01-05 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | |||||
| CVE-2023-32747 | 1 Automattic | 1 Woocommerce Bookings | 2023-12-30 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78. | |||||
| CVE-2023-49812 | 1 Wppa | 1 Wp Photo Album Plus | 2023-12-30 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | |||||
| CVE-2023-35916 | 1 Automattic | 1 Woopayments | 2023-12-29 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | |||||
| CVE-2023-35914 | 1 Automattic | 1 Woocommerce Subscriptions | 2023-12-29 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. | |||||
| CVE-2023-36520 | 1 Zackgrossbart | 1 Editorial Calendar | 2023-12-28 | N/A | 8.1 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. | |||||
| CVE-2023-35876 | 1 Automattic | 1 Woocommerce Square | 2023-12-28 | N/A | 8.1 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | |||||
| CVE-2023-37871 | 1 Automattic | 1 Woocommerce Gocardless | 2023-12-28 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. | |||||
| CVE-2023-49298 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2023-12-26 | N/A | 7.5 HIGH |
| OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions. | |||||
| CVE-2023-48641 | 1 Archerirm | 1 Archer | 2023-12-15 | N/A | 8.8 HIGH |
| Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources. | |||||
| CVE-2023-38884 | 1 Os4ed | 1 Opensis | 2023-11-30 | N/A | 7.5 HIGH |
| An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' | |||||
| CVE-2023-45380 | 1 Silbersaiten | 1 Order Duplicator | 2023-11-15 | N/A | 8.8 HIGH |
| In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from ps_customer/ps_address tables such as name / surname / phone number / full postal address. | |||||
| CVE-2023-28481 | 1 Tigergraph | 1 Tigergraph | 2023-08-21 | N/A | 8.8 HIGH |
| An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using their own SSH key. | |||||
| CVE-2023-37543 | 1 Cacti | 1 Cacti | 2023-08-17 | N/A | 7.5 HIGH |
| Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. | |||||
| CVE-2022-1949 | 3 Fedoraproject, Port389, Redhat | 4 Fedora, 389-ds-base, Directory Server and 1 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | |||||
| CVE-2022-34770 | 1 Tabit | 1 Tabit | 2023-08-08 | N/A | 7.5 HIGH |
| Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API’s, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a ‘tiny URL’ in Tabit’s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}&healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API which disclose medical information as well as id number. | |||||
| CVE-2022-34775 | 1 Tabit | 1 Tabit | 2023-08-08 | N/A | 7.5 HIGH |
| Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack. | |||||
| CVE-2022-22331 | 1 Ibm | 1 Partner Engagement Manager | 2023-08-08 | 5.5 MEDIUM | 7.1 HIGH |
| IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130. | |||||
| CVE-2023-38257 | 1 Iagona | 1 Scrutisweb | 2023-07-28 | N/A | 7.5 HIGH |
| Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords. | |||||
| CVE-2021-24739 | 1 Shapedplugin | 1 Logo Carousel | 2022-07-29 | 5.5 MEDIUM | 8.1 HIGH |
| The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature | |||||
| CVE-2022-2193 | 1 Hypr | 1 Hypr Server | 2022-07-27 | N/A | 8.8 HIGH |
| Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1. | |||||
| CVE-2021-24655 | 1 Wpusermanager | 1 Wp User Manager | 2022-07-18 | 6.0 MEDIUM | 7.5 HIGH |
| The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account. | |||||
| CVE-2022-31883 | 1 Marvalglobal | 1 Marval Msm | 2022-07-14 | 4.0 MEDIUM | 8.8 HIGH |
| Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys. | |||||
| CVE-2021-41608 | 1 Classapps | 1 Selectsurvey.net | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1. | |||||
| CVE-2020-36126 | 1 Paxtechnology | 1 Paxstore | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, application and payment terminals, where an attacker can impersonate any user which may lead to the unauthorized disclosure, modification, or destruction of information. | |||||
| CVE-2021-41847 | 1 3xlogic | 1 Infinias Access Control | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credentials. Also, an authorized user of one zone can send API requests to unlock electronic locks associated with zones they are unauthorized to have access to. They can also create new user logins for zones they were not authorized to access, including the root zone of the software. | |||||
| CVE-2022-0624 | 1 Parse-path Project | 1 Parse-path | 2022-07-07 | 7.5 HIGH | 7.3 HIGH |
| Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. | |||||
| CVE-2022-1614 | 1 Wp-email Project | 1 Wp-email | 2022-06-28 | 4.3 MEDIUM | 7.5 HIGH |
| The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions. | |||||
| CVE-2022-31295 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | |||||
| CVE-2022-1762 | 1 Webence | 1 Iq Block Country | 2022-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. | |||||
| CVE-2022-28986 | 1 Lmsdoctor | 1 2 Factor Authentication | 2022-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts. | |||||
| CVE-2022-26665 | 1 Tylertech | 1 Odyssey Portal | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records. | |||||
| CVE-2022-1459 | 1 Open-emr | 1 Openemr | 2022-05-04 | 5.5 MEDIUM | 8.3 HIGH |
| Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. | |||||
| CVE-2021-37777 | 1 Gilacms | 1 Gila Cms | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure. | |||||
| CVE-2021-41305 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.. | |||||
| CVE-2021-41306 | 1 Atlassian | 3 Jira, Jira Server, Jira Software Data Center | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | |||||
| CVE-2021-20599 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. | |||||
| CVE-2021-37214 | 1 Larvata | 1 Flygo | 2022-04-25 | 6.5 MEDIUM | 8.8 HIGH |
| The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee's data, modify it, and then obtain administrator privilege and execute arbitrary command. | |||||
| CVE-2022-22828 | 1 Synametrics | 1 Synaman | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. | |||||
| CVE-2021-22023 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2022-02-01 | 6.5 MEDIUM | 7.2 HIGH |
| The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. | |||||
| CVE-2021-3965 | 1 Hp | 54 Designjet T1530 L2y23a, Designjet T1530 L2y23a Firmware, Designjet T1530 L2y24a and 51 more | 2022-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews. | |||||
| CVE-2021-3852 | 1 Weseek | 1 Growi | 2022-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| growi is vulnerable to Authorization Bypass Through User-Controlled Key | |||||
| CVE-2021-44160 | 1 Cth | 1 Carinal Tien Hospital Health Report System | 2022-01-10 | 7.5 HIGH | 7.3 HIGH |
| Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user. | |||||
| CVE-2019-18998 | 1 Abb | 1 Asset Suite | 2022-01-01 | 5.5 MEDIUM | 7.1 HIGH |
| Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. | |||||
| CVE-2021-24892 | 1 Advanced Forms Project | 1 Advanced Forms | 2021-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this vulnerability, an attacker must register to obtain a valid WordPress's user and use such user to authenticate with WordPress in order to exploit the vulnerable edit function. | |||||
| CVE-2021-22967 | 1 Concretecms | 1 Concrete Cms | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message”.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H | |||||
| CVE-2021-22951 | 1 Concretecms | 1 Concrete Cms | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations were put in place a. restricting file types for view_inline to images only b. putting a warning in the file manager to advise users.Credit for discovery: "Solar Security Research Team"Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis fix is also in Concrete version 9.0.0 | |||||
| CVE-2021-41307 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2021-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0. | |||||