Total: 259 CVE
| CVE | Vendors (count) | Products (count) | Last updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15815 | 1 Zyxel | 2 2.00(abbx.3), P-1302-t10d | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | |||||
| CVE-2019-15725 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API could result in disclosure of private milestones, labels, and other information. | |||||
| CVE-2019-14246 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. | |||||
| CVE-2019-14245 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. | |||||
| CVE-2019-13605 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360. | |||||
| CVE-2019-13461 | 1 Prestashop | 1 Prestashop | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444. | |||||
| CVE-2019-13360 | 1 Centos-webpanel | 1 Centos Web Panel | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. | |||||
| CVE-2019-13337 | 1 Weseek | 1 Growi | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic authentication is required. | |||||
| CVE-2019-12866 | 1 Jetbrains | 1 Youtrack | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | |||||
| CVE-2019-12782 | 1 Thoughtspot | 1 Thoughtspot | 2020-08-24 | 5.5 MEDIUM | 8.1 HIGH |
| An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them. | |||||
| CVE-2019-12742 | 1 Bludit | 1 Bludit | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter). | |||||
| CVE-2019-10108 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.5 MEDIUM | 5.4 MEDIUM |
| An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels. | |||||
| CVE-2018-20405 | 1 Bigtreecms | 1 Bigtree | 2020-08-24 | 4.0 MEDIUM | 2.7 LOW |
| ** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP." | |||||
| CVE-2018-19584 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. | |||||
| CVE-2018-19582 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. | |||||
| CVE-2018-19575 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue. | |||||
| CVE-2018-18976 | 1 Ascensia | 1 Contour Diabetes | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. (This information can be decrypted through a different vulnerability.) | |||||
| CVE-2018-16971 | 1 Wisetail | 1 Learning Management System | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. | |||||
| CVE-2018-16704 | 1 Gleeztech | 1 Gleezcms | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org. | |||||
| CVE-2018-16606 | 1 Proconf | 1 Proconf | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). | |||||
| CVE-2018-15833 | 1 Vanillaforums | 1 Vanilla Forums | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | |||||
| CVE-2018-1000210 | 1 Yamldotnet Project | 1 Yamldotnet | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of Deserializer.Deserialize() resolves user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them, which can result in code execution in the context of the running process. The attack is exploitable when the victim parses a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0. | |||||
| CVE-2020-9384 | 1 Subex | 1 Roc Partner Settlement | 2020-04-23 | 6.5 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the application. | |||||
| CVE-2020-11658 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | |||||
| CVE-2020-11659 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. | |||||
| CVE-2020-7918 | 1 Totemo | 1 Totemomail | 2020-03-31 | 5.5 MEDIUM | 5.4 MEDIUM |
| An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. | |||||
| CVE-2020-5539 | 1 Grandit | 1 Grandit | 2020-03-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors. | |||||
| CVE-2020-8503 | 1 Biscom | 1 Secure File Transfer | 2020-02-05 | 3.5 LOW | 6.5 MEDIUM |
| Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004. | |||||
| CVE-2019-15581 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. | |||||
| CVE-2020-6859 | 1 Ultimatemember | 1 Ultimate Member | 2020-01-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image. | |||||
| CVE-2019-20209 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2020-01-14 | 6.4 MEDIUM | 7.5 HIGH |
| The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. | |||||
| CVE-2019-19259 | 1 Gitlab | 1 Gitlab | 2020-01-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). | |||||
| CVE-2019-15913 | 1 Mi | 10 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 7 more | 2020-01-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause denial of service, take over smart home devices, and tamper with messages. | |||||
| CVE-2019-5469 | 1 Gitlab | 1 Gitlab | 2019-12-27 | 5.5 MEDIUM | 6.5 MEDIUM |
| An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets. | |||||
| CVE-2019-16723 | 1 Cacti | 1 Cacti | 2019-12-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. | |||||
| CVE-2014-8356 | 1 Dasanzhone | 2 Znid 2426a, Znid 2426a Firmware | 2019-12-04 | 6.5 MEDIUM | 8.8 HIGH |
| The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference. | |||||
| CVE-2019-16546 | 1 Jenkins | 1 Google Compute Engine | 2019-11-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | |||||
| CVE-2019-17574 | 1 Code-atlantic | 1 Popup Maker | 2019-10-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file"). | |||||
| CVE-2017-0936 | 1 Nextcloud | 1 Nextcloud Server | 2019-10-09 | 4.9 MEDIUM | 5.7 MEDIUM |
| Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves were neither disclosed nor could the error be misused to identify as another user. | |||||
| CVE-2019-17050 | 1 Thecontrolgroup | 1 Voyager | 2019-10-04 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment. | |||||
| CVE-2018-16608 | 1 Monstra | 1 Monstra | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an Insecure Direct Object Reference (IDOR) at admin/index.php?id=users&action=edit&user_id=1. | |||||
| CVE-2017-15199 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | |||||
| CVE-2018-10211 | 1 Vaultize | 1 Enterprise File Sharing | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie. | |||||
| CVE-2017-15209 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. | |||||
| CVE-2017-15208 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. | |||||
| CVE-2017-15207 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | |||||
| CVE-2017-15206 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | |||||
| CVE-2017-15211 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | |||||
| CVE-2017-15204 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. | |||||
| CVE-2017-15203 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. | |||||
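Most entries above share one root cause: the server takes the object key (user_id, pid, local_graph_id, username, project id) from the request and acts on it without checking that the session owner is allowed to touch that object. The block below is an added example, not code from any of the listed projects, showing the password-change variant (the Bludit, Monstra and Ultimate Member pattern) as a vulnerable handler beside a hardened one, plus the cross-account probe a tester would run to tell them apart. The in-memory user table, Session and Request shapes and the parameter names are constructed for illustration.

```python
"""Added example: IDOR on a user-supplied key, vulnerable vs. hardened.
Not the code of any project listed above; storage and request shapes are
constructed for illustration."""

from dataclasses import dataclass, field

# Constructed in-memory "database": user id -> record.
USERS = {
    1: {"name": "admin", "role": "admin", "password": "old-admin-pw"},
    2: {"name": "alice", "role": "editor", "password": "alice-pw"},
}


@dataclass
class Session:
    user_id: int  # bound at login on the server; never read from the request


@dataclass
class Request:
    session: Session
    params: dict = field(default_factory=dict)  # client-controlled form/query data


class Forbidden(Exception):
    pass


def change_password_vulnerable(req: Request) -> int:
    """Trusts the client-supplied target id, so any logged-in user can reset
    any account, including the administrator."""
    target = int(req.params["user_id"])
    USERS[target]["password"] = req.params["new_password"]
    return target


def change_password_hardened(req: Request) -> int:
    """Ownership check: the target defaults to the session owner, and a
    different target is only honoured when the caller's server-side role
    permits it. Unknown targets get the same error so existence of ids is
    not leaked to an enumerating attacker."""
    caller = USERS[req.session.user_id]
    target = int(req.params.get("user_id", req.session.user_id))
    if target != req.session.user_id and caller["role"] != "admin":
        raise Forbidden(f"user {req.session.user_id} may not modify user {target}")
    if target not in USERS:
        raise Forbidden(f"user {req.session.user_id} may not modify user {target}")
    USERS[target]["password"] = req.params["new_password"]
    return target


def cross_account_change(handler, attacker_id: int, victim_id: int) -> bool:
    """Tester's probe: with an ordinary session for attacker_id, submit the
    victim's id as the user-supplied key and report whether the victim's
    password actually changed. State is restored afterwards."""
    before = USERS[victim_id]["password"]
    req = Request(Session(attacker_id),
                  {"user_id": str(victim_id), "new_password": "pwned"})
    try:
        handler(req)
    except Forbidden:
        return False
    changed = USERS[victim_id]["password"] != before
    USERS[victim_id]["password"] = before
    return changed


if __name__ == "__main__":
    print("vulnerable, editor -> admin:", cross_account_change(change_password_vulnerable, 2, 1))
    print("hardened,   editor -> admin:", cross_account_change(change_password_hardened, 2, 1))
    print("hardened,   admin  -> editor:", cross_account_change(change_password_hardened, 1, 2))
```

The probe is the same test the advisories above imply: log in as a low-privilege account, replace the key with another user's, and observe whether the other record changes. A handler that passes it for every (attacker, victim) pair where the attacker lacks the role needed for that object is the fix; renaming or obfuscating the id (GUIDs, as in the ThoughtSpot entry) does not substitute for the server-side check.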
