199 matches found
CVE-2023-1699 Rapid7 Nexpose Forced Browsing
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187...
PT-2023-17180 · Rapid7 · Rapid7 Nexpose
Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions 6.6.186 and below Description: This issue allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. The vulnerability is related to forced browsing, which enables unauthorized acces...
CVE-2023-1663
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
CVE-2023-1663
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
Design/Logic Flaw
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
CVE-2023-1663
CVE-2023-1663 affects Coverity Connect prior to 2023.3.2. The root cause is an insecurely configured servlet mapping in the underlying Apache Tomcat, leading to a forced browsing vulnerability where the downloads directory and its contents become accessible to unauthorized actors. Affected softwa...
CVE-2023-1663 Authenticated Resources Accessible via Forced Browsing
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
CVE-2023-1663 Authenticated Resources Accessible via Forced Browsing
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
PT-2023-17153 · Synopsys +1 · Coverity +1
Name of the Vulnerable Software and Affected Versions: Coverity versions prior to 2023.3.2 Description: The issue is related to forced browsing, which exposes authenticated resources to unauthorized actors due to an insecurely configured servlet mapping for the underlying Apache Tomcat server. Th...
Synopsys Coverity Connect 安全漏洞
Synopsys Coverity Connect is a Web-based platform from Synopsys. It consists primarily of static code analysis and dynamic code analysis tools. A security vulnerability exists in versions prior to Coverity 2023.3.2 that stems from the presence of a forced browsing vulnerability, which exposes...
CVE-2019-13988
Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request aka Forced Browsing...
Design/Logic Flaw
Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request aka Forced Browsing...
CVE-2019-13988
Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request aka Forced Browsing...
CVE-2019-13988
Summary of CVE-2019-13988 : Sierra Wireless MGOS is affected. Versions before 3.15.2, and 4.x before 4.3, allow attackers to read log files via a Direct Request (also known as Forced Browsing). The underlying issue enables unauthorized access to log data without authentication, as described acros...
HEUR:Trojan.MSIL.Agent.gen MVID-2022-0654 Information Disclosure
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/bc2ccf92bea475f828dcdcb1c8f6cc92.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR:Trojan.MSIL.Agent.gen Vulnerability: Information Disclosure Description: the malware...
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a Time-of-check Time-of-use TOCTOU Race...
CVE-2022-41746
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...
CVE-2022-41746
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...
CVE-2022-41746
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...
CVE-2022-41746
CVE-2022-41746 describes a forced browsing/privilege-escalation vulnerability in Trend Micro Apex One. An attacker with console access could navigate to targeted URLs and, bypassing normal authorization, escalate privileges and modify agent groupings. The issue requires the attacker to log into t...