Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-02 | CVE-2023-50935 | Forced Browsing vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. | 6.5 |
2024-01-22 | CVE-2024-0204 | Forced Browsing vulnerability in Fortra Goanywhere Managed File Transfer Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | 9.8 |
2023-11-14 | CVE-2023-44320 | Forced Browsing vulnerability in Siemens products Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator. | 4.3 |
2023-10-26 | CVE-2023-5786 | Forced Browsing vulnerability in Geoserver Geowebcache A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. | 8.8 |
2023-10-23 | CVE-2023-5702 | Forced Browsing vulnerability in Viessmann Vitogate 300 Firmware 2.1.3.0 A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. | 6.5 |
2023-08-26 | CVE-2023-4544 | Forced Browsing vulnerability in Byzoro Smart S85F Management Platform A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230809. | 4.3 |
2023-07-20 | CVE-2023-3792 | Forced Browsing vulnerability in Netentsec Application Security Gateway 6.3 A vulnerability was found in Beijing Netcon NS-ASG 6.3. | 6.5 |
2023-06-29 | CVE-2015-1313 | Forced Browsing vulnerability in Jetbrains Teamcity JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | 6.5 |
2023-05-04 | CVE-2023-2524 | Forced Browsing vulnerability in Controlid Rhid 23.3.19.0 A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. | 9.8 |
2023-03-30 | CVE-2023-1699 | Forced Browsing vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. | 9.8 |