471 matches found
PT-2025-2105 · Drupal · Ohdear Integration
Name of the Vulnerable Software and Affected Versions: OhDear Integration versions 0.0.0 through 2.0.3 Description: The issue is related to incorrect authorization in the OhDear Integration module for Drupal, allowing forceful browsing. This can enable a remote attacker to access confidential...
PT-2025-2097 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal Block permissions versions 1.0.0 through 1.2.0 Description: The issue is related to an incorrect authorization mechanism in the Block permissions module of the Drupal CMS system. This can allow a remote attacker to impact the...
PT-2025-2095 · Drupal · Drupal Persistent Login
Name of the Vulnerable Software and Affected Versions: Drupal Persistent Login versions 0.0.0 through 1.8.0 Drupal Persistent Login versions 2.0. through 2.2.2 Description: The issue is related to insufficient session expiration in the Drupal Persistent Login module, allowing for forceful browsin...
PT-2025-2092 · Drupal · Drupal Cms +1
Name of the Vulnerable Software and Affected Versions: Drupal Smart IP Ban versions 7.X-1.0 through 7.X-1.0 Description: The issue is related to insufficient authorization mechanisms in the Smart IP Ban module for the Drupal CMS, allowing a remote attacker to view and modify settings. This can le...
PT-2024-10287 · Unknown · File Entity
Name of the Vulnerable Software and Affected Versions: File Entity versions 7.X- before 7.X-2.39 Description: The issue allows for the insertion of sensitive information into sent data, enabling forceful browsing. This can lead to the disclosure of protected information. The estimated number of...
PT-2025-2089 · Drupal · Content Entity Clone
Name of the Vulnerable Software and Affected Versions: Content Entity Clone versions 0.0.0 through 1.0.4 Description: The issue is related to incorrect authorization in the Content Entity Clone module for Drupal, allowing forceful browsing. This can enable a remote attacker to disclose protected...
PT-2025-2087 · Unknown · Advanced Varnish
Name of the Vulnerable Software and Affected Versions: Advanced Varnish versions 0.0.0 through 4.0.10 Description: The issue is related to the insertion of sensitive information into sent data, which can allow forceful browsing. This can be exploited by a remote attacker to bypass security...
PT-2024-10348 · Drupal · Drupal Responsive/Off-Canvas Menu
Name of the Vulnerable Software and Affected Versions: Drupal Responsive and off-canvas menu versions 0.0.0 through 4.4.3 Description: The issue is related to an Incorrect Authorization vulnerability in the Drupal Responsive and off-canvas menu, which allows for Forceful Browsing. This means that...
PT-2024-10094 · Drupal · Drupal Rest & Json Api Authentication
Name of the Vulnerable Software and Affected Versions: Drupal REST & JSON API Authentication versions 0.0.0 through 2.0.12 Description: The issue is related to an Incorrect Authorization vulnerability in Drupal REST & JSON API Authentication, allowing Forceful Browsing. This can enable a remote...
PT-2024-10347 · Drupal · Email Contact
Name of the Vulnerable Software and Affected Versions: Email Contact versions 0.0.0 through 2.0.4 Description: The issue is related to insufficient granularity of access control in the Email Contact module for Drupal, allowing forceful browsing. This can be exploited by a remote attacker to bypas...
PT-2024-10086 · Drupal · Drupal Advanced Pwa Inc Push Notifications
Name of the Vulnerable Software and Affected Versions: Drupal Advanced PWA inc Push Notifications versions 0.0.0 through 1.5.0 Description: The issue is related to an incorrect authorization vulnerability in the Drupal Advanced PWA inc Push Notifications module, which allows for forceful browsing...
PT-2024-10361 · Drupal · Drupal Entity Delete Log
Name of the Vulnerable Software and Affected Versions: Drupal Entity Delete Log versions 0.0.0 through 1.1.1 Description: The issue is related to a lack of authorization in the Drupal Entity Delete Log, which allows for forceful browsing. This can enable a remote attacker to bypass security...
CVE-2023-2187
On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event"...
Exploit for Out-of-bounds Write in 7-Zip
7-Zip CVE 2022-29072 - Powershell Detection/Mitigation...
CVE-2020-35570
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...
CVE-2020-35570
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...
Design/Logic Flaw
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...
CVE-2020-35570
MB connect line products mymbCONNECT24, mbCONNECT24, Helmholz myREX24 and myREX24.virtual (through 2.11.2) are affected by a forceful-browsing vulnerability that allows an unauthenticated attacker to access restricted files. The issue is described under CVE-2020-35570 as an access to restricted f...
CVE-2020-35570 Foreced Browsing vulnerability in products of MB connect line and Helmholz
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...
PT-2021-11801 · Helmholz +1 · Myrex24.Virtual +2
Name of the Vulnerable Software and Affected Versions: MB connect line mymbCONNECT24 versions through 2.11.2 mbCONNECT24 versions through 2.11.2 Helmholz myREX24 versions through 2.11.2 myREX24.virtual versions through 2.11.2 Description: An issue allows an unauthenticated attacker to access...