Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-3712 Files or Directories Accessible to External Parties vulnerability in Honeywell Pm43 Firmware
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.  Update to the latest available firmware version of the respective printers to version MR19.5 (e.g.
local
low complexity
honeywell CWE-552
7.8
2023-09-06 CVE-2023-4588 Files or Directories Accessible to External Parties vulnerability in Delinea Secret Server 10.9.000002/11.4.000002
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions.
network
low complexity
delinea CWE-552
4.9
2023-09-03 CVE-2023-4743 Files or Directories Accessible to External Parties vulnerability in Dreamer CMS Project Dreamer CMS
A vulnerability was found in Dreamer CMS up to 4.1.3.
network
high complexity
dreamer-cms-project CWE-552
4.8
2023-08-31 CVE-2023-41717 Files or Directories Accessible to External Parties vulnerability in Zscaler Proxy
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions.
local
low complexity
zscaler CWE-552
5.5
2023-08-22 CVE-2023-4475 Files or Directories Accessible to External Parties vulnerability in Asustor Data Master
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories.
local
low complexity
asustor CWE-552
5.5
2023-08-03 CVE-2023-38952 Files or Directories Accessible to External Parties vulnerability in Zkteco Biotime 8.5.5
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.
network
low complexity
zkteco CWE-552
7.5
2023-08-03 CVE-2023-38948 Files or Directories Accessible to External Parties vulnerability in Jizhicms 1.9.5
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
network
low complexity
jizhicms CWE-552
7.2
2023-08-03 CVE-2023-37551 Files or Directories Accessible to External Parties vulnerability in Codesys products
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller.
network
low complexity
codesys CWE-552
6.5
2023-07-30 CVE-2023-32226 Files or Directories Accessible to External Parties vulnerability in Sysaid On-Premises
Sysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users may exfiltrate files from the server via an unspecified method.
network
low complexity
sysaid CWE-552
6.5
2023-07-13 CVE-2023-29450 Files or Directories Accessible to External Parties vulnerability in Zabbix
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
network
low complexity
zabbix CWE-552
7.5