Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-22240 Files or Directories Accessible to External Parties vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
network
low complexity
vmware CWE-552
4.9
4.9
2024-02-02 CVE-2024-24161 Files or Directories Accessible to External Parties vulnerability in Mrcms 3.0
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.
network
low complexity
mrcms CWE-552
7.5
7.5
2024-01-29 CVE-2023-4550 Files or Directories Accessible to External Parties vulnerability in Opentext Appbuilder 21.2
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted.
network
low complexity
opentext CWE-552
7.5
7.5
2024-01-29 CVE-2024-1005 Files or Directories Accessible to External Parties vulnerability in Shanxi Tianneng Technology Noderp
A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical.
network
low complexity
shanxi-tianneng-technology CWE-552
7.5
7.5
2024-01-16 CVE-2023-52112 Files or Directories Accessible to External Parties vulnerability in Huawei Emui and Harmonyos
Unauthorized file access vulnerability in the wallpaper service module.
network
low complexity
huawei CWE-552
5.3
5.3
2024-01-11 CVE-2023-6266 Files or Directories Accessible to External Parties vulnerability in Backupbliss Backup Migration
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6.
network
low complexity
backupbliss CWE-552
7.5
7.5
2023-12-26 CVE-2023-6114 Files or Directories Accessible to External Parties vulnerability in Awesomemotive Duplicator
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data.
network
low complexity
awesomemotive CWE-552
7.5
7.5
2023-12-14 CVE-2023-48661 Files or Directories Accessible to External Parties vulnerability in Dell products
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability.
network
low complexity
dell CWE-552
4.9
4.9
2023-12-11 CVE-2023-5907 Files or Directories Accessible to External Parties vulnerability in Bitapps File Manager
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.
network
low complexity
bitapps CWE-552
6.5
6.5
2023-12-07 CVE-2023-50164 Files or Directories Accessible to External Parties vulnerability in Apache Struts
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
network
low complexity
apache CWE-552
critical
 9.8
9.8