Vulnerabilities > Direct Request ('Forced Browsing')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-16388 | Forced Browsing vulnerability in Pega Platform 8.3 PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. | 4.3 |
| 2019-11-26 | CVE-2019-16386 | Forced Browsing vulnerability in Pega Platform PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. | 4.3 |
| 2019-09-20 | CVE-2019-11326 | Forced Browsing vulnerability in Topcon Net-G5 Firmware 5.2.2 An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. | 6.5 |
| 2019-09-11 | CVE-2019-1220 | Forced Browsing vulnerability in Microsoft Edge and Internet Explorer A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. | 4.3 |
| 2019-08-14 | CVE-2019-9584 | Forced Browsing vulnerability in Eq-3 Homematic Ccu2 Firmware and Homematic Ccu3 Firmware eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. | 7.5 |
| 2019-08-14 | CVE-2019-13030 | Forced Browsing vulnerability in Mediola NEO Server eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. | 6.4 |
| 2019-08-06 | CVE-2019-14347 | Forced Browsing vulnerability in Schben Adive Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. | 8.8 |
| 2019-07-25 | CVE-2019-9884 | Forced Browsing vulnerability in Eclass IP 2.5 eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. | 10.0 |
| 2019-07-19 | CVE-2019-13981 | Forced Browsing vulnerability in Rangerstudio Directus 7 API In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. | 5.0 |
| 2019-06-27 | CVE-2019-12583 | Forced Browsing vulnerability in Zyxel products Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. | 6.4 |