Vulnerabilities > Direct Request ('Forced Browsing')

DATE | CVE | VULNERABILITY TITLE | RISK
2021-11-08 | CVE-2021-24695 | Forced Browsing vulnerability in Tipsandtricks-Hq Simple Download Monitor | Risk: 7.5
  The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs, which contain sensitive information such as IP addresses and usernames.
  Tags: network, low complexity, tipsandtricks-hq, CWE-425
2021-11-05 | CVE-2021-42671 | Forced Browsing vulnerability in Engineers Online Portal Project Engineers Online Portal | Risk: 5.0
  An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads.
  Tags: network, low complexity, engineers-online-portal-project, CWE-425
2021-11-02 | CVE-2021-36560 | Forced Browsing vulnerability in Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0 | Risk: 7.5
  Phone Shop Sales Management System using PHP with Source Code 1.0 is vulnerable to authentication bypass, which leads to account takeover of the admin.
2021-10-15 | CVE-2018-16060 | Forced Browsing vulnerability in Mitsubishielectric Smartrtu Firmware | Risk: 5.0
  Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
  Tags: network, low complexity, mitsubishielectric, CWE-425
2021-09-29 | CVE-2021-36745 | Forced Browsing vulnerability in Trendmicro Serverprotect 5.8/6.0 | Risk: critical (10.0)
  A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations.
  Tags: network, low complexity, trendmicro, CWE-425
2021-09-22 | CVE-2021-40875 | Forced Browsing vulnerability in Gurock Testrail | Risk: 5.0
  Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure.
  Tags: network, low complexity, gurock, CWE-425
2021-08-03 | CVE-2021-26085 | Forced Browsing vulnerability in Atlassian Confluence Server | Risk: 5.3
  Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.
  Tags: network, low complexity, atlassian, CWE-425
2021-07-30 | CVE-2021-20114 | Forced Browsing vulnerability in Tecnick Tcexam | Risk: 5.0
  When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
  Tags: network, low complexity, tecnick, CWE-425
2021-05-06 | CVE-2021-28150 | Forced Browsing vulnerability in Hongdian H8922 Firmware 3.0.5 | Risk: 2.1
  Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
  Tags: local, low complexity, hongdian, CWE-425
2021-04-22 | CVE-2021-24238 | Forced Browsing vulnerability in Purethemes Findeo and Realteo | Risk: 6.5
  The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belongs to the user making the request, allowing any authenticated user to delete arbitrary properties by tampering with the property_id parameter.
  Tags: network, low complexity, purethemes, CWE-425