
17 matches found

RedhatCVE
added 2026/01/09 9:27 a.m. | 3 views

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

CVSS 5.3 | AI score 7.1 | EPSS 0.00487
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-49890

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00487
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-49888

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00487
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 2:21 a.m. | 5 views

CVE-2023-45596

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

CVSS 5.3 | AI score 7.1 | EPSS 0.00487
Exploits: 0 | References: 1

Rapid7 Blog
added 2024/01/23 6:42 p.m. | 83 views

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user...

CVSS 7.5 | AI score 7.6 | EPSS 0.99999
Exploits: 20

NVD
added 2020/12/11 1:15 a.m. | 31 views

CVE-2020-7541

A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...

CVSS 5.3 | AI score 5.3 | EPSS 0.00867
Exploits: 0 | References: 1

Prion
added 2020/12/11 1:15 a.m. | 24 views

Spoofing

A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...

CVSS 5 | AI score 5.3 | EPSS 0.00867
Exploits: 0 | References: 1 | Affected Software: 20

Cvelist
added 2020/12/11 12:52 a.m. | 33 views

CVE-2020-7541

A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...

AI score 5.2 | EPSS 0.00867
Exploits: 0 | References: 1

CVE
added 2020/12/11 12:52 a.m. | 82 views

CVE-2020-7541

The CVE-2020-7541 issue affects Schneider Electric Modicon devices: Modicon M340 Web Server, Legacy Modicon Quantum and Modicon Premium, and related Communication Modules. It is a CWE-425 Direct Request (Forced Browsing) flaw that could disclose sensitive data when a specially crafted HTTP reques...

CVSS 5.3 | AI score 5.2 | EPSS 0.00867
Exploits: 0 | References: 1 | Affected Software: 1

Japan Vulnerability Notes
added 2017/04/10 12:0 a.m. | 44 views

JVN#14396697: CS-Cart Japanese Edition fails to restrict access permissions

CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions CWE-425. Impact An unauthenticated remote attacker may obtain consumer's information such as its name and street address registered in the website. Solution Update the Software...

CVSS 5.3 | AI score 5.3 | EPSS 0.01224
Exploits: 0

Japan Vulnerability Notes
added 2017/04/10 12:0 a.m. | 32 views

JVN#25598952: CS-Cart Japanese Edition fails to restrict access permissions

CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions CWE-425. Impact An unauthenticated remote attacker may create a request of return an item that a consumer has purchased. Solution Update the Software Update to the latest versi...

CVSS 5.3 | AI score 5.3 | EPSS 0.01071
Exploits: 0

Metasploit
added 2015/01/24 4:14 p.m. | 40 views

Huawei Datacard Information Disclosure Vulnerability

This module exploits an unauthenticated information disclosure vulnerability in Huawei SOHO routers. The module will gather information by accessing the /api pages where authentication is not required, allowing configuration changes as well as information disclosure, including any stored SMS. Thi...

CVSS 4.3 | AI score 6.8 | EPSS 0.06079
Exploits: 5

erpscan
added 2014/11/06 12:0 a.m. | 24 views

Oracle Weblogic Application Server – Authorization bypass

Application: Oracle Weblogic Application Server Versions Affected: WebLogic Server 10.3.6.0/10.3.1.0, maybe others Vendor URL: http://www.oracle.com Bugs: Authorization bypass Exploits: YES Reported: 11.06.2014 Vendor response: 12.06.2014 Date of Public Advisory: 17.10.2014 Reference: Oracle CPU...

AI score 0.6
Exploits: 0

ICS
added 2014/04/26 6:0 a.m. | 34 views

Siemens SIMATIC WinCC Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-205-02 Siemens SIMATIC WinCC Vulnerabilities that was published July 24, 2014, on the NCCIC/ICS-CERT web site. Researchers Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai of Positive...

CVSS 6 | AI score 6.8 | EPSS 0.01686
Exploits: 0 | References: 10

CERT
added 2014/04/14 12:0 a.m. | 23 views

PaperThin CommonSpot CMS contains multiple vulnerabilities

Overview PaperThin CommonSpot contains multiple vulnerabilities, which may allow an unauthenticated remote attacker to execute arbitrary code on the server. Description PaperThin CommonSpot is a content management system CMS that is based on Adobe ColdFusion. CommonSpot is composed of over 3000...

AI score 8.7
Exploits: 0 | References: 16

CERT
added 2014/04/11 12:0 a.m. | 55 views

ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities

Overview ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00BFQ.6C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. Description ZyXEL Wireless N300 NetUSB Router NBG-419N running...

CVSS 7.9 | AI score 8.2 | EPSS 0.01137
Exploits: 0 | References: 5

Packet Storm
added 2010/12/20 12:0 a.m. | 31 views

WP-Forum Cross Site Scripting / SQL Injection

Multiple Vulnerabilities in WP Forum WordPress Plugin 1. Advisory Information Title: Multiple Vulnerabilities in WP-Forum Advisory URL: http://www.charleshooper.net/advisories/ Date Published: 12/17/2010 Vendors Contacted: WordPress. Maintainer of plugin is unreachable. 2. Summary WP Forum is a...

Exploits: 0