CWE:
 

Risk | Topic | Date | Author
Low  | Listeo WordPress Theme <= 1.6.10 - Multiple Authenticated IDOR Vulnerabilities | 17.05.2021 | m0ze
Med. | HomeSweet - Real Estate WordPress Theme v1.4 - IDOR leading to arbitrary deletion of ads | 13.07.2020 | Vlad Vector
Med. | CarSpot – Dealership Wordpress Classified Theme v2.2.0 Multiple Vulnerabilities | 17.01.2020 | m0ze
Med. | Fortify Software Security Center (SSC) 17.10/17.20/18.10 Information Disclosure (2) | 24.12.2018 | alt3kx


CVEMAP Search Results (CVE / Details / Description)
CVE-2021-21324
Date: 2021-03-08
Risk: waiting for details
Vendor / Software: not yet listed
Description:
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". The vulnerability lets an authenticated user who lacks the corresponding rights enumerate the names of GLPI items (including user logins) through the knowbase search form.

To reproduce: authenticate to the GLPI instance, open the ticket list and select any open ticket, open the Solution form, then use "Search a solution", which redirects to the endpoint "/glpi/front/knowbaseitem.php?item_itemtype=Ticket&item_items_id=18&forcetab=Knowbase$1". The item_itemtype=Ticket parameter names the PHP class that is the alias of the glpi_tickets table; replace it with "Users" to point at the glpi_users table instead. In the same way, item_items_id=18 selects the row id, so changing it as well enumerates the contents of every table that has such an alias. Since the ids are incremental, a malicious party can exploit the vulnerability by simple guessing.
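The parameter-swapping mechanism described above, modelled as an added example (this is not GLPI code): a lookup that trusts the itemtype/id pair taken from the request, beside one that restricts the itemtype to what the form is for and applies a per-row visibility check. The table contents, the `Session` rights model, the `ALLOWED_ITEMTYPES` allow-list and the `sweep` helper are all constructed for the illustration and are not GLPI's.

```python
"""Added illustration of the IDOR class in CVE-2021-21324; not GLPI code.
All tables, sessions and rights below are constructed for the example."""
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for the "itemtype alias -> table" map and its rows.
TICKETS = {
    18: {"name": "Printer on floor 2 jams", "requester": "j.doe"},
    19: {"name": "VPN down for sales", "requester": "admin"},
}
USERS = {  # the "name" column of a user row is the login
    1: {"name": "glpi"},
    2: {"name": "admin"},
    3: {"name": "j.doe"},
}
TABLES = {"Ticket": TICKETS, "Users": USERS}

# Only the itemtypes this particular form is meant to link (assumed allow-list).
ALLOWED_ITEMTYPES = frozenset({"Ticket"})


@dataclass(frozen=True)
class Session:
    login: str
    is_admin: bool = False


def lookup_vulnerable(session: Optional[Session], itemtype: str, items_id: int) -> Optional[str]:
    """Resolve itemtype/id straight from the request.

    Only the existence of a session is checked; neither the itemtype nor the
    caller's right to read that row is, so any authenticated user can walk
    any aliased table (user logins included) by changing two parameters."""
    if session is None:
        raise PermissionError("authentication required")
    row = TABLES.get(itemtype, {}).get(items_id)
    return None if row is None else row["name"]


def lookup_fixed(session: Optional[Session], itemtype: str, items_id: int) -> Optional[str]:
    """The same lookup with the two missing checks.

    1. The itemtype must be one the form is designed for (so "Users" is refused).
    2. The row must be visible to the caller. "Not found" and "not yours"
       deliberately give the same answer, so the endpoint does not become an
       existence oracle for ids the caller may not see."""
    if session is None:
        raise PermissionError("authentication required")
    if itemtype not in ALLOWED_ITEMTYPES:
        raise PermissionError(f"itemtype {itemtype!r} is not valid for this form")
    row = TABLES[itemtype].get(items_id)
    if row is None:
        return None
    if not (session.is_admin or row.get("requester") == session.login):
        return None
    return row["name"]


def sweep(lookup, session, itemtype, ids):
    """The guessing-based attack: walk incremental ids and keep whatever the
    endpoint returns. Stops at the first outright refusal."""
    found = {}
    for i in ids:
        try:
            name = lookup(session, itemtype, i)
        except PermissionError:
            break
        if name is not None:
            found[i] = name
    return found


if __name__ == "__main__":
    s = Session("j.doe")
    print("vulnerable, Users :", sweep(lookup_vulnerable, s, "Users", range(1, 6)))
    print("fixed, Users      :", sweep(lookup_fixed, s, "Users", range(1, 6)))
    print("fixed, Ticket     :", sweep(lookup_fixed, s, "Ticket", range(15, 25)))
```

Against the vulnerable lookup, a plain user sweeping `Users` recovers every login; against the fixed one the itemtype is refused outright, and a sweep over `Ticket` yields only the rows that user is allowed to see, with foreign and nonexistent ids indistinguishable.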

 
CVE-2020-8297
Date: 2021-02-23
Risk: Low
Vendor / Software: Nextcloud / DECK
Description:
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user.
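Why a reused identifier matters, as an added example (this is not Nextcloud Deck code): a constructed user directory that hands out fresh internal ids but lets a login be registered again after its user is deleted, and a board ACL keyed either on that login or on the internal id. The `Directory`, `Deck` and `scenario` names and the board name are assumptions for the illustration.

```python
"""Added illustration of the duplicate-identifier IDOR in CVE-2020-8297;
not Nextcloud code. Directory, Deck and all data are constructed."""
import itertools


class Directory:
    """Constructed user directory: internal ids are never reused, but a login
    becomes available again as soon as the user holding it is deleted."""

    def __init__(self):
        self._seq = itertools.count(1)
        self.login_of = {}  # uid -> login

    def create(self, login: str) -> str:
        if login in self.login_of.values():
            raise ValueError(f"login {login!r} already in use")
        uid = f"u{next(self._seq)}"
        self.login_of[uid] = login
        return uid

    def delete(self, uid: str) -> None:
        del self.login_of[uid]


class Deck:
    """Minimal board sharing: an ACL maps a board to the principals allowed to
    see it. Whether a principal is a login or an internal id is decided by the
    caller, which is exactly the design choice at issue."""

    def __init__(self):
        self.acl = {}  # board -> set of principal keys

    def share(self, board: str, principal: str) -> None:
        self.acl.setdefault(board, set()).add(principal)

    def boards_for(self, principal: str) -> list:
        return sorted(b for b, who in self.acl.items() if principal in who)

    def purge(self, principal: str) -> None:
        """What a user-deleted hook should do: drop every grant for the principal."""
        for who in self.acl.values():
            who.discard(principal)


def scenario(key_by_uid: bool, purge_on_delete: bool) -> list:
    """Share a board with 'alice', delete her, register a new 'alice' with the
    same login, and report which boards the newcomer can see."""
    directory, deck = Directory(), Deck()
    key = (lambda uid: uid) if key_by_uid else (lambda uid: directory.login_of[uid])

    old_alice = directory.create("alice")
    deck.share("board-finance", key(old_alice))

    if purge_on_delete:
        deck.purge(key(old_alice))
    directory.delete(old_alice)

    new_alice = directory.create("alice")  # same login, different internal id
    return deck.boards_for(key(new_alice))


if __name__ == "__main__":
    print("login-keyed, no purge :", scenario(key_by_uid=False, purge_on_delete=False))
    print("uid-keyed, no purge   :", scenario(key_by_uid=True, purge_on_delete=False))
    print("login-keyed, purged   :", scenario(key_by_uid=False, purge_on_delete=True))
```

Keying grants on an identifier that is never reused is the structural fix; purging grants in the deletion hook is the second line of defence. A deployment that does neither reproduces the behaviour in the description: the new account inherits the old one's boards.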

 
CVE-2020-26178
Date: 2020-12-18
Risk: Medium
Vendor / Software: Tangro / Business wor...
Description:
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated.

 
CVE-2020-13357
Date: 2020-12-11
Risk: Low
Vendor / Software: Gitlab / Gitlab
Description:
An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 that allowed an unauthorized user to access the user list corresponding to a feature flag in a project.

 
CVE-2020-26068
Date: 2020-11-18
Risk: Medium
Vendor / Software: Cisco / Roomos
Description:
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.

 
CVE-2020-27742
Date: 2020-10-28
Risk: Low
Vendor / Software: Citadel / Webcit
Description:
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

 
CVE-2020-8235
Date: 2020-10-05
Risk: Low
Vendor / Software: Nextcloud / DECK
Description:
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.

 
CVE-2020-16240
Date: 2020-09-23
Risk: waiting for details
Vendor / Software: not yet listed
Description:
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.

 
CVE-2020-16088
Date: 2020-07-28
Risk: Medium
Vendor / Software: Openbsd / Openbsd
Description:
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.

 
CVE-2020-8154
Date: 2020-05-12
Risk: Medium
Vendor / Software: Nextcloud / Nextcloud server
Description:
An insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remotely wipe the devices of other users by sending a malicious request directly to the endpoint.

 

 


Copyright 2021, cxsecurity.com