Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-12-20 | CVE-2018-6669 | Forced Browsing vulnerability in Mcafee Application Change Control 6.2.0/7.0.0/7.0.1 | A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. | 8.0 |
2018-12-13 | CVE-2018-18922 | Forced Browsing vulnerability in Abisoftgt Ticketly 1.0 | add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. | 9.8 |
2018-11-28 | CVE-2018-19620 | Forced Browsing vulnerability in Showdoc 2.4.1 | ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. | 4.3 |
2018-11-12 | CVE-2018-19207 | Forced Browsing vulnerability in Van-Ons Wp-Gdpr-Compliance | The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. | 9.8 |
2018-11-11 | CVE-2018-19143 | Forced Browsing vulnerability in multiple products | Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | 6.5 |
2018-11-08 | CVE-2018-19109 | Forced Browsing vulnerability in Tianti Project Tianti 2.3 | tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. | 8.8 |
2018-09-14 | CVE-2018-16706 | Forced Browsing vulnerability in LG Supersign CMS | LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | 7.5 |
2018-05-24 | CVE-2018-7526 | Forced Browsing vulnerability in Beaconmedaes Scroll Medical AIR Systems Firmware | In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. | 7.5 |
2018-05-22 | CVE-2018-11346 | Forced Browsing vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3 | An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | 4.3 |
2018-04-19 | CVE-2018-0267 | Forced Browsing vulnerability in Cisco Unified Communications Manager | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. | 6.5 |