199 matches found
Apache OFBiz Forced Browsing Vulnerability
Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access...
VulnCheck KEV: CVE-2024-45195
Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access...
Viessmann Climate Solutions SE Vitogate 300
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Viessmann Climate Solutions SE Equipment : Vitogate 300 Vulnerabilities : Use of Hard-coded Credentials, Forced Browsing, Command Injection 2. RISK EVALUATION...
K000141002: Apache OFBiz vulnerabilities CVE-2024-32113, CVE-2024-36104, and CVE-2024-45195
Security Advisory Description CVE-2024-32113 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. CVE-2024-36104...
CVE-2024-45195
Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
CVE-2024-45195
Apache OFBiz is affected by CVE-2024-45195: Direct Request (Forced Browsing) vulnerability that allows unauthenticated remote code execution in versions prior to 18.12.16. The issue arises from missing view authorization checks, enabling an attacker with no credentials to execute arbitrary code o...
CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
Apache OFBiz 安全漏洞
Apache OFBiz is an enterprise resource planning ERP system from the Apache Foundation in the United States. The system provides a suite of Java-based web application components and tools. A security vulnerability exists in Apache OFBiz versions prior to 18.12.16 that stems from a direct request...
PT-2024-5989
Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 18.12.16 Description The issue is a Direct Request 'Forced Browsing' vulnerability in Apache OFBiz, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. This vulnerabilit...
Siemens SINEMA Remote Connect Server Forced Browsing Vulnerability (CNVD-2024-31230)
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability due to the failure ...
Siemens SINEMA Remote Connect Server Forced Browsing Vulnerability
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability, which is caused du...
Siemens SINEMA Remote Connect Server 安全漏洞
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability due to the failure ...
Siemens SINEMA Remote Connect 安全漏洞
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability, which is caused du...
CVE-2023-45598
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
PT-2024-13262 · Unknown · Ailux Imx6 Bundle
Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A vulnerability in the "measure" functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. The issue is related to a...
IBM PowerSC Forced Browsing Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC has a forced browsing vulnerability vulnerability that stems from not properly restricting access to URLs or resources, which can be exploited by an attacker to gain...
CVE-2023-46186
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929...
CVE-2023-46186
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929...