Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
240
VMScore
CVE-2020-13462
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
Tufin Securetrack
356
VMScore
CVE-2022-29008
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows malicious users to access sensitive information.
Phpgurukul Bus Pass Management System 1.0
1 Github repository
NA
CVE-2023-45393
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated malicious users to access sensitive information via a crafted cookie.
Grandingteco Utime Master 9.0.7
NA
CVE-2022-34138
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows malicious users to access sensitive information.
Biltema Baby Camera Firmware 124
Biltema Ip Camera Firmware 124
NA
CVE-2024-4886
The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
Buddyboss Buddyboss Platform
668
VMScore
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
NA
CVE-2023-42334
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote malicious user to escalate privileges via the user parameter.
Fl3xx Crew 2.10.37
Fl3xx Dispatch 2.10.37
NA
CVE-2022-36202
Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.
Doctor's Appointment System Project Doctor's Appointment System 1.0
1 Github repository
NA
CVE-2021-36865
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows malicious users to change the content of the quiz.
Quizandsurveymaster Quiz And Survey Master
NA
CVE-2022-36966
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
Solarwinds Orion Platform 2020.2.6
Solarwinds Orion Platform
Solarwinds Orion Platform 2022.2
Solarwinds Orion Platform 2022.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »