Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insecure direct object reference vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2018-16970
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.
Wisetail Learning Management System
5.3
CVSSv3
CVE-2020-28861
OpenAsset Digital Asset Management (DAM) 12.0.19 and previous versions failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated malicious users to gain access to potentially sensitive project information stored by the application.
Openasset Digital Asset Management
NA
CVE-2010-0154
Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware prior to 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l paramete...
Ibm Proventia Network Mail Security System Virtual Appliance
Ibm Proventia Network Mail Security System Virtual Appliance Firmware 1.6
8.8
CVSSv3
CVE-2023-1888
The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and a...
Wpwax Directorist
6.5
CVSSv3
CVE-2023-1889
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, wit...
Wpwax Directorist
7.5
CVSSv3
CVE-2023-26774
An issue found in Sales Tracker Management System v.1.0 allows a remote malicious user to access sensitive information via sales.php component of the admin/reports endpoint.
Sales Tracker Management System Project Sales Tracker Management System 1.0
8.8
CVSSv3
CVE-2020-9384
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing versi...
Subex Roc Partner Settlement 10.5
NA
CVE-2024-3139
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorizat...
8.8
CVSSv3
CVE-2016-7786
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
Sophos Cyberoam Cr25ing Utm Firmware 10.6.2
1 EDB exploit
6.5
CVSSv3
CVE-2018-7691
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
Microfocus Fortify Software Security Center 17.10
Microfocus Fortify Software Security Center 17.20
Microfocus Fortify Software Security Center 18.10
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »