Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-425

CWE-425

Direct Request ('Forced Browsing')

Parent: CWE-862 - Missing Authorization

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

226 vulnerabilities with CWE-425

CVE-2019-1899 MEDIUM

Cisco RV110W/RV130W/RV215W - Info Disclosure

CVE-2019-1898 MEDIUM

Cisco RV110W, RV130W, and RV215W - Info Disclosure

CVE-2019-3934 MEDIUM

Crestron AM-100 and AM-101 - Unauthenticated Improper Access Control via login.cgi

CVE-2019-3933 MEDIUM

Crestron AM-100 and AM-101 - Unauthenticated Access Control Bypass via /images/browserslide.jpg

CVE-2019-3916 HIGH

Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 - Unauthenticated Information Disclosure via API Endpoint

CVE-2019-3917 HIGH

Nokia I-240W-Q GPON ONT Firmware 3FE54567BOZJ19 - Unauthenticated Telnetd Enablement via HTTP Request

CVE-2019-9552 CRITICAL

eloan 3.0-2018-09-20 - Unauthenticated Directory Listing via Direct Request

CVE-2019-6551 HIGH

Pangea Communications Internet FAX ATA <3.1.8 - Auth Bypass

CVE-2019-7736 CRITICAL

D-Link DIR-600M C1 3.04 - Auth Bypass

CVE-2019-6126 HIGH

PHP Scripts Mall Advance Peer to Peer MLM Script <1.7.0 - Auth Bypass

CVE-2018-16060 HIGH

Mitsubishi Electric Europe B.V. SmartRTU - Info Disclosure

CVE-2018-18862 HIGH

BMC Remedy Mid-Tier 7.1.00-9.1.02.003 - Privilege Escalation

CVE-2018-6669 MEDIUM

McAfee Application Control/Change Control <7.0.1 - RCE

CVE-2018-18922 CRITICAL

AbiSoft Ticketly 1.0 - Unauthenticated Privilege Escalation via add_user Action

CVE-2018-19620 MEDIUM

showdoc < 2.4.2 - Unauthenticated Incorrect Access Control via Modified page_id

CVE-2018-19207 CRITICAL

Van Ons WP GDPR Compliance <1.4.3 - RCE

CVE-2018-19143 MEDIUM

OTRS <4.0.33-6.0.13 - Privilege Escalation

CVE-2018-19109 HIGH

tianti 2.3 - Authenticated Permission Bypass via Direct Request to Column List Endpoint

CVE-2018-16706 HIGH

LG SuperSign CMS - Unauthenticated Denial of Service via /qsr_server/device/reboot Endpoint

CVE-2018-3774 CRITICAL

url-parse < 1.4.3 - Server-Side Request Forgery via Incorrect Hostname Parsing

CVE-2018-7526 HIGH

TotalAlert Web App <v4107600010.23 - Info Disclosure

CVE-2018-11346 MEDIUM

ASUSTOR AS6202T ADM 3.1.0.RFQ3 - Info Disclosure

CVE-2018-0267 MEDIUM

Cisco Unified Communications Manager - Authenticated Exposure of Sensitive Information via Web Interface

CVE-2018-0266 MEDIUM

Cisco Unified Communications Manager - Authenticated Exposure of Sensitive Configuration Data via Web Interface

CVE-2018-0198 MEDIUM

Cisco Unified Communications Manager - Info Disclosure

Previous Page 8 of 10 Next

Details

Vulnerabilities 226

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy