Filtered by CWE-425
Filtered by vendor Subscriptions
Total 177 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-14993 1 Oxid-esales 1 Eshop 2024-11-21 N/A
OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option.
CVE-2017-14244 1 Iball 2 Ib-wra150n, Ib-wra150n Firmware 2024-11-21 9.8 Critical
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
CVE-2017-10833 1 Nippon-antenna 2 Scr02hd, Scr02hd Firmware 2024-11-21 N/A
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors.
CVE-2015-2873 1 Trendmicro 1 Deep Discovery Inspector 2024-11-21 N/A
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.
CVE-2005-1892 1 Flatnuke 1 Flatnuke 2024-11-21 N/A
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.
CVE-2005-1827 1 Dlink 2 Dsl-504t, Dsl-504t Firmware 2024-11-21 N/A
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
CVE-2005-1698 1 Postnuke 1 Postnuke 2024-11-21 N/A
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.
CVE-2005-1697 1 Postnuke 1 Postnuke 2024-11-21 N/A
The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.
CVE-2005-1688 1 Wordpress 1 Wordpress 2024-11-21 N/A
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
CVE-2005-1685 1 Episodex 1 Episodex Guestbook 2024-11-21 N/A
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.
CVE-2005-1668 1 Yusasp 1 Web Asset Manager 2024-11-21 N/A
YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.
CVE-2005-1654 1 Hostingcontroller 1 Hosting Controller 2024-11-21 N/A
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
CVE-2004-2257 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 N/A
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
CVE-2004-2144 1 Baalsystems 1 Baal Smart Forms 2024-11-21 N/A
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php.
CVE-2002-1798 1 Midicart 3 Midicart Php, Midicart Php Maxi, Midicart Php Plus 2024-11-21 9.1 Critical
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
CVE-2024-42001 1 Vonets 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more 2024-08-21 8.6 High
An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.
CVE-2024-7753 2 Clinics Patient Management System Project, Oretnom23 2 Clinics Patient Management System, Clinic\'s Patient Management System 2024-08-19 5.3 Medium
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.