1284 matches found
CVE-2011-3710
bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files...
CVE-2012-3838
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php...
CVE-2011-3817
Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/media/parameters.php and certain other files. NOTE: this might overlap CVE-2005-2436...
CVE-2011-3753
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files...
CVE-2019-13988
Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request aka Forced Browsing...
CVE-2011-3708
Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php...
CVE-2011-3772
phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/notinewtopic.php and certain other files...
CVE-2006-6974
Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; rea...
Direct Request ('Forced Browsing')
Overview nitsan/ns-backup is an extension for TYPO3 that lets you save your code, files, and database with just a few clicks. Install Backup Plus and connect it to your cloud storage like Google Drive, Dropbox, Amazon S3, SFTP, Rsync, etc. Affected versions of this package are vulnerable to Dire...
Direct Request ('Forced Browsing')
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Direct Request ('Forced Browsing') due to improper authorization checks. An attacker can access sensitive asset information without the required permissions by exploiting the...
Unblu Spark security vulnerability
Unblu Spark is a key component in a conversation-centered digital customer experience platform from Swiss company Unblu. A security vulnerability exists in Unblu Spark that stems from a direct API request to upload a file even when the file upload feature is disabled...
CVE-2024-11049 ZKTeco ZKBio Time Image File photo direct request
A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...
CVE-2024-43692
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly...
Apache OFBiz < 18.12.16 Multiple Vulnerabilities
The version of Apache OFBiz running on the remote host is prior to 18.12.16. It is, therefore, potentially affected by the following vulnerabilities: - Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. (CVE-2024-45507) - Direct...
CVE-2024-45195
Apache OFBiz is affected by CVE-2024-45195: Direct Request (Forced Browsing) vulnerability that allows unauthenticated remote code execution in versions prior to 18.12.16. The issue arises from missing view authorization checks, enabling an attacker with no credentials to execute arbitrary code o...
Apache OFBiz security vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a suite of Java-based web application components and tools. A security vulnerability exists in Apache OFBiz versions prior to 18.12.16 that stems from a direct request...
CVE-2024-7753
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /userimages/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed ...
CVE-2024-7753 SourceCodester Clinics Patient Management System user_images direct request
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /userimages/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed ...