Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-03-05 | CVE-2019-3917 | Forced Browsing vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19 | The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. | 7.5 |
2019-03-04 | CVE-2019-9552 | Forced Browsing vulnerability in Eloan Project Eloan 20180920/3.0 | Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. | 9.8 |
2019-02-28 | CVE-2019-6551 | Forced Browsing vulnerability in Pangea-Comm FAX ATA 3.1.8 | Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition. | 7.5 |
2019-02-11 | CVE-2019-7736 | Forced Browsing vulnerability in Dlink Dir-600M Firmware 3.04 | D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page. | 9.8 |
2019-01-11 | CVE-2019-6126 | Forced Browsing vulnerability in Advance Peer to Peer MLM Script Project Advance Peer to Peer MLM Script 1.7.0 | The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff. | 7.5 |
2018-12-20 | CVE-2018-6669 | Forced Browsing vulnerability in Mcafee Application Change Control 6.2.0/7.0.0/7.0.1 | A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. | 8.0 |
2018-12-13 | CVE-2018-18922 | Forced Browsing vulnerability in Abisoftgt Ticketly 1.0 | add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. | 9.8 |
2018-11-28 | CVE-2018-19620 | Forced Browsing vulnerability in Showdoc 2.4.1 | ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. | 4.3 |
2018-11-12 | CVE-2018-19207 | Forced Browsing vulnerability in Van-Ons Wp-Gdpr-Compliance | The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. | 9.8 |
2018-11-11 | CVE-2018-19143 | Forced Browsing vulnerability in multiple products | Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | 6.5 |