Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insecure direct object reference vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24625
Faveo 5.0.1 allows remote malicious users to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.
Ladybirdweb Faveo Servicedesk 5.0.1
4
CVSSv2
CVE-2022-29627
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows malicious users to modify products that are owned by other sellers.
Online Market Place Site Project Online Market Place Site 1.0
4
CVSSv2
CVE-2022-29008
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows malicious users to access sensitive information.
Phpgurukul Bus Pass Management System 1.0
1 Github repository
6.5
CVSSv2
CVE-2020-7948
An issue exists in the Login by Auth0 plugin prior to 4.0.0 for WordPress. A user can perform an insecure direct object reference.
Auth0 Login By Auth0
2.7
CVSSv2
CVE-2020-13462
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
Tufin Securetrack
7.5
CVSSv2
CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) prior to 10.0 build 10007 via an attachment to a request.
Zohocorp Manageengine Servicedesk Plus
7.5
CVSSv2
CVE-2019-12866
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
Jetbrains Youtrack
4
CVSSv2
CVE-2018-11346
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.
Asustor As6202t Firmware
7.5
CVSSv2
CVE-2012-1565
Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.
Ez Ez Publish 4.6.0
Ez Ez Publish 4.2.0
Ez Ez Publish 4.3.0
Ez Ez Publish 4.4.0
Ez Ez Publish 4.5.0
Ez Ez Publish 4.1.4
5
CVSSv2
CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
1byte Copy9 -
1byte Fonetracker -
1byte Ispyoo -
1byte Guestspy -
1byte Thespyapp -
1byte Secondclone -
1byte The Truth Spy -
1byte Mxspy -
1byte Exactspy -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »