Total: 508 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-42067 | 1 Online Birth Certificate Management System Project | 1 Online Birth Certificate Management System | 2022-10-17 | 4.3 Medium |
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability | ||||
CVE-2022-2828 | 1 Octopus | 1 Octopus Server | 2022-10-14 | 6.5 Medium |
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability | ||||
CVE-2021-21255 | 1 Glpi-project | 1 Glpi | 2022-10-14 | 5.7 Medium |
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI version 9.5.3, it was possible for a logged-in user to switch entities via IDOR. This is fixed in version 9.5.4. | ||||
CVE-2021-36865 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2022-10-04 | 4.3 Medium |
Insecure direct object reference (IDOR) vulnerability in the ExpressTech Quiz And Survey Master plugin <= 7.3.4 for WordPress allows attackers to change the content of the quiz. | ||||
CVE-2017-15201 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. | ||||
CVE-2017-15200 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. | ||||
CVE-2017-15206 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | ||||
CVE-2017-15197 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | ||||
CVE-2017-15208 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. | ||||
CVE-2017-15203 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. | ||||
CVE-2017-15207 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | ||||
CVE-2017-15204 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. | ||||
CVE-2017-15199 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | ||||
CVE-2017-15202 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. | ||||
CVE-2017-15195 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. | ||||
CVE-2017-15196 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | ||||
CVE-2017-15209 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. | ||||
CVE-2017-15211 | 1 Kanboard | 1 Kanboard | 2022-10-03 | N/A |
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | ||||
CVE-2018-1000210 | 1 Yamldotnet Project | 1 Yamldotnet | 2022-10-03 | N/A |
YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of Deserializer.Deserialize() deserializes user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them, which can result in code execution in the context of the running process. This attack appears to be exploitable when a victim parses a specially crafted YAML file. This vulnerability appears to have been fixed in 5.0.0. | ||||
CVE-2022-1613 | 1 10up | 1 Restricted Site Access | 2022-09-28 | 5.3 Medium |
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations. | ||||