Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-09 | CVE-2020-29656 | Forced Browsing vulnerability in Asus Rt-Ac88U Firmware 3.0.0.4.386.46061 An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. | 7.5 |
2020-12-03 | CVE-2020-28937 | Forced Browsing vulnerability in Openclinic Project Openclinic 0.8.2 OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. | 7.5 |
2020-10-20 | CVE-2020-24765 | Forced Browsing vulnerability in Mind Imind Server 3.13.65 InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | 7.5 |
2020-09-30 | CVE-2020-26150 | Forced Browsing vulnerability in Logaritmo Aware Callmanager 2012 info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | 7.5 |
2020-09-14 | CVE-2020-24660 | Forced Browsing vulnerability in multiple products An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. | 9.8 |
2020-08-27 | CVE-2020-24203 | Forced Browsing vulnerability in Projectworlds Travel Management System 1.0 Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | 9.8 |
2020-06-11 | CVE-2020-13850 | Forced Browsing vulnerability in Pandorafms Pandora FMS 7.44 Artica Pandora FMS 7.44 has inadequate access controls on a web folder. | 7.5 |
2020-05-13 | CVE-2019-2388 | Forced Browsing vulnerability in Mongodb OPS Manager 4.0.10/4.0.9/4.1.5 In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. | 5.3 |
2020-04-07 | CVE-2020-11561 | Forced Browsing vulnerability in Nchsoftware Express Invoice 7.25 In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | 8.8 |
2020-03-11 | CVE-2016-1000111 | Forced Browsing vulnerability in Twisted Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.3 |