Vulnerabilities > Direct Request ('Forced Browsing')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-28 | CVE-2020-13474 | Forced Browsing vulnerability in Nchsoftware Express Accounts 8.24. In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. | 6.5 |
2020-12-11 | CVE-2020-7541 | Forced Browsing vulnerability in Schneider-Electric products. A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP. | 5.3 |
2020-12-09 | CVE-2020-29656 | Forced Browsing vulnerability in Asus Rt-Ac88U Firmware 3.0.0.4.386.46061. An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. | 7.5 |
2020-12-03 | CVE-2020-28937 | Forced Browsing vulnerability in Openclinic Project Openclinic 0.8.2. OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. | 7.5 |
2020-10-20 | CVE-2020-24765 | Forced Browsing vulnerability in Mind Imind Server 3.13.65. InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | 7.5 |
2020-09-30 | CVE-2020-26150 | Forced Browsing vulnerability in Logaritmo Aware Callmanager 2012. info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | 7.5 |
2020-09-14 | CVE-2020-24660 | Forced Browsing vulnerability in multiple products. An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. | 9.8 |
2020-08-27 | CVE-2020-24203 | Forced Browsing vulnerability in Projectworlds Travel Management System 1.0. Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | 9.8 |
2020-06-11 | CVE-2020-13850 | Forced Browsing vulnerability in Pandorafms Pandora FMS 7.44. Artica Pandora FMS 7.44 has inadequate access controls on a web folder. | 7.5 |
2020-05-13 | CVE-2019-2388 | Forced Browsing vulnerability in Mongodb OPS Manager 4.0.10/4.0.9/4.1.5. In affected Ops Manager versions there is an exposed HTTP route that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. | 5.3 |