• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-639

CVE-2021-35337

February 23, 2023 by

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.

CVE-2021-33981

February 23, 2023 by

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the “Fish | Hunt FL” iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people’s personal information and images of their hunting/fishing licenses.

CVE-2021-3380

February 23, 2023 by

Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.

CVE-2021-32744

February 23, 2023 by

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier – the predictability of this file identifier is dependent on external file-storage implementations (this is a potential “IDOR” – Insecure Direct Object Reference – vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases.

CVE-2021-32654

February 23, 2023 by

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing.

CVE-2021-31927

February 23, 2023 by

An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 26
  • Go to page 27
  • Go to page 28
  • Go to page 29
  • Go to page 30
  • Interim pages omitted …
  • Go to page 50
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE