HackerOne Disclosed Reports - 2025-02-19


Medium
resolved

Insecure Direct Object Reference (IDOR) Vulnerability in Autodesk User Profile


Bug reported by Eyad was disclosed on February 19, 2025, 1:27 pm   |   Insecure Direct Object Reference (IDOR)

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in the Autodesk User Profile, where the "id" parameter could be used to edit another user's profile.


Critical
resolved

Cisco IOS XE instance at 41.208.24.174 vulnerable to CVE-2023-20198


Bug reported by ꦄꦤ꧀ꦢꦿꦶ was disclosed on February 19, 2025, 6:23 am   |   Command Injection - Generic

The Cisco IOS XE instance at 41.208.24.174 was found vulnerable to CVE-2023-20198. This vulnerability allowed bypassing authentication to reach the webui_wsma_http web endpoint, enabling the execution of arbitrary Cisco IOS commands or configuration changes at privilege level 15. The exploitation also leveraged CVE-2023-20273 to escalate to the root user of the underlying Linux OS.

