Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
insecure direct object reference vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3105
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
Learndash Learndash
356
VMScore
CVE-2018-16971
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.
Wisetail Learning Management System
356
VMScore
CVE-2010-0154
Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware prior to 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l paramete...
Ibm Proventia Network Mail Security System Virtual Appliance
Ibm Proventia Network Mail Security System Virtual Appliance Firmware 1.6
NA
CVE-2023-1889
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, wit...
Wpwax Directorist
578
VMScore
CVE-2020-9384
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing versi...
Subex Roc Partner Settlement 10.5
NA
CVE-2023-26774
An issue found in Sales Tracker Management System v.1.0 allows a remote malicious user to access sensitive information via sales.php component of the admin/reports endpoint.
Sales Tracker Management System Project Sales Tracker Management System 1.0
NA
CVE-2023-1888
The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and a...
Wpwax Directorist
NA
CVE-2024-3139
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorizat...
905
VMScore
CVE-2016-7786
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
Sophos Cyberoam Cr25ing Utm Firmware 10.6.2
1 EDB exploit
356
VMScore
CVE-2018-7691
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
Microfocus Fortify Software Security Center 17.10
Microfocus Fortify Software Security Center 17.20
Microfocus Fortify Software Security Center 18.10
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »