Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-28 | CVE-2017-2143 | Forced Browsing vulnerability in Frogman Office INC products CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. | 5.0 |
2017-04-28 | CVE-2017-2139 | Forced Browsing vulnerability in Frogman Office INC Cs-Cart CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | 5.0 |
2017-04-02 | CVE-2017-2486 | Forced Browsing vulnerability in Apple Iphone OS and Safari An issue was discovered in certain Apple products. | 4.3 |
2015-08-23 | CVE-2015-2873 | Forced Browsing vulnerability in Trendmicro Deep Discovery Inspector Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL. | 5.5 |
2002-12-31 | CVE-2002-1798 | Forced Browsing vulnerability in Midicart PHP, Midicart PHP Maxi and Midicart PHP Plus MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php. | 9.1 |