Lucene search
+L

199 matches found

cvelist
cvelist
added 2023/03/30 9:26 a.m.21 views

CVE-2023-1699 Rapid7 Nexpose Forced Browsing

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187...

4.3CVSS9.4AI score0.00446EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/03/30 12:0 a.m.10 views

PT-2023-17180 · Rapid7 · Rapid7 Nexpose

Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions 6.6.186 and below Description: This issue allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. The vulnerability is related to forced browsing, which enables unauthorized acces...

9.8CVSS9.2AI score0.00446EPSS
Exploits0References6
osv
osv
added 2023/03/29 2:15 p.m.6 views

CVE-2023-1663

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...

5.3CVSS6.1AI score0.00431EPSS
Exploits0References2
nvd
nvd
added 2023/03/29 2:15 p.m.15 views

CVE-2023-1663

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...

6.5CVSS6.3AI score0.00431EPSS
Exploits0References2
prion
prion
added 2023/03/29 2:15 p.m.23 views

Design/Logic Flaw

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...

5CVSS5.2AI score0.00431EPSS
Exploits0References2Affected Software1
cve
cve
added 2023/03/29 1:16 p.m.55 views

CVE-2023-1663

CVE-2023-1663 affects Coverity Connect prior to 2023.3.2. The root cause is an insecurely configured servlet mapping in the underlying Apache Tomcat, leading to a forced browsing vulnerability where the downloads directory and its contents become accessible to unauthorized actors. Affected softwa...

6.5CVSS5.3AI score0.00431EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/03/29 1:16 p.m.8 views

CVE-2023-1663 Authenticated Resources Accessible via Forced Browsing

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...

6.5CVSS6.4AI score0.00431EPSS
Exploits0References2
cvelist
cvelist
added 2023/03/29 1:16 p.m.22 views

CVE-2023-1663 Authenticated Resources Accessible via Forced Browsing

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...

6.5CVSS6.6AI score0.00431EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/03/29 12:0 a.m.5 views

PT-2023-17153 · Synopsys +1 · Coverity +1

Name of the Vulnerable Software and Affected Versions: Coverity versions prior to 2023.3.2 Description: The issue is related to forced browsing, which exposes authenticated resources to unauthorized actors due to an insecurely configured servlet mapping for the underlying Apache Tomcat server. Th...

6.5CVSS5AI score0.00431EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/03/29 12:0 a.m.4 views

Synopsys Coverity Connect 安全漏洞

Synopsys Coverity Connect is a Web-based platform from Synopsys. It consists primarily of static code analysis and dynamic code analysis tools. A security vulnerability exists in versions prior to Coverity 2023.3.2 that stems from the presence of a forced browsing vulnerability, which exposes...

6.5CVSS5.8AI score0.00431EPSS
Exploits0References3
osv
osv
added 2022/12/26 9:15 p.m.6 views

CVE-2019-13988

Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request aka Forced Browsing...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References2
prion
prion
added 2022/12/26 9:15 p.m.11 views

Design/Logic Flaw

Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request aka Forced Browsing...

3.3CVSS6.3AI score0.00376EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/12/26 12:0 a.m.27 views

CVE-2019-13988

Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request aka Forced Browsing...

6.3AI score0.00376EPSS
Exploits0References2
cve
cve
added 2022/12/26 12:0 a.m.64 views

CVE-2019-13988

Summary of CVE-2019-13988 : Sierra Wireless MGOS is affected. Versions before 3.15.2, and 4.x before 4.3, allow attackers to read log files via a Direct Request (also known as Forced Browsing). The underlying issue enables unauthorized access to log data without authentication, as described acros...

6.5CVSS6.2AI score0.00376EPSS
Exploits0References2Affected Software1
packetstorm
packetstorm
added 2022/11/10 12:0 a.m.240 views

HEUR:Trojan.MSIL.Agent.gen MVID-2022-0654 Information Disclosure

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/bc2ccf92bea475f828dcdcb1c8f6cc92.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR:Trojan.MSIL.Agent.gen Vulnerability: Information Disclosure Description: the malware...

7.4AI score
Exploits0
jvn
jvn
added 2022/10/20 7:18 a.m.36 views

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a Time-of-check Time-of-use TOCTOU Race...

9.1CVSS7.2AI score0.00971EPSS
Exploits0References20
osv
osv
added 2022/10/10 9:15 p.m.4 views

CVE-2022-41746

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...

9.1CVSS5.8AI score0.00971EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/10/10 9:15 p.m.9 views

CVE-2022-41746

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...

9.1CVSS7.4AI score0.00971EPSS
Exploits0References3
nvd
nvd
added 2022/10/10 9:15 p.m.26 views

CVE-2022-41746

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...

9.1CVSS0.00971EPSS
Exploits0References2
cve
cve
added 2022/10/10 12:0 a.m.53 views

CVE-2022-41746

CVE-2022-41746 describes a forced browsing/privilege-escalation vulnerability in Trend Micro Apex One. An attacker with console access could navigate to targeted URLs and, bypassing normal authorization, escalate privileges and modify agent groupings. The issue requires the attacker to log into t...

9.1CVSS9.2AI score0.00971EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder