Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-22 | CVE-2022-2392 | Files or Directories Accessible to External Parties vulnerability in Lana Downloads Manager The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. | 6.5 |
| 2022-08-16 | CVE-2022-36306 | Files or Directories Accessible to External Parties vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. | 6.5 |
| 2022-08-10 | CVE-2022-22490 | Files or Directories Accessible to External Parties vulnerability in IBM products IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. | 4.9 |
| 2022-08-08 | CVE-2022-2357 | Files or Directories Accessible to External Parties vulnerability in WSM Downloader Project WSM Downloader 1.4.0 The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php. | 7.5 |
| 2022-08-01 | CVE-2022-1585 | Files or Directories Accessible to External Parties vulnerability in Project-Source-Code-Download Project Project-Source-Code-Download 1.0.0 The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php. | 7.5 |
| 2022-07-30 | CVE-2022-33158 | Files or Directories Accessible to External Parties vulnerability in Trendmicro VPN Proxy ONE PRO Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | 7.8 |
| 2022-07-20 | CVE-2022-34049 | Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data. | 5.3 |
| 2022-07-17 | CVE-2021-40150 | Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716 The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. | 7.5 |
| 2022-07-17 | CVE-2021-40149 | Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716 The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. | 5.9 |
| 2022-07-17 | CVE-2022-2222 | Files or Directories Accessible to External Parties vulnerability in Wpchill Download Monitor The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | 4.9 |