Vulnerabilities > Direct Request ('Forced Browsing')

DATE CVE VULNERABILITY TITLE RISK
2020-04-07 CVE-2020-11561 Forced Browsing vulnerability in Nchsoftware Express Invoice 7.25
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
network
low complexity
nchsoftware CWE-425
8.8
2020-03-11 CVE-2016-1000111 Forced Browsing vulnerability in Twistedmatrix Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
low complexity
twistedmatrix CWE-425
5.3
2020-03-09 CVE-2020-10248 Forced Browsing vulnerability in Meinbwa Direx-Pro Firmware 1.2181
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.
network
low complexity
meinbwa CWE-425
7.5
2020-03-07 CVE-2020-8439 Forced Browsing vulnerability in Monstra
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.
network
low complexity
monstra CWE-425
6.5
2020-03-05 CVE-2019-17646 Forced Browsing vulnerability in Centreon
An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2.
network
low complexity
centreon CWE-425
7.5
2020-03-05 CVE-2019-17645 Forced Browsing vulnerability in Centreon
An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3.
network
low complexity
centreon CWE-425
7.5
2020-03-04 CVE-2019-17644 Forced Browsing vulnerability in Centreon
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.
network
low complexity
centreon CWE-425
7.5
2020-03-04 CVE-2019-17643 Forced Browsing vulnerability in Centreon
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.
network
low complexity
centreon CWE-425
7.5
2019-11-26 CVE-2019-16388 Forced Browsing vulnerability in Pega Platform 8.3
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account.
network
low complexity
pega CWE-425
4.3
2019-11-26 CVE-2019-16386 Forced Browsing vulnerability in Pega Platform
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account.
network
low complexity
pega CWE-425
4.3