Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2021-09-02 CVE-2021-34765 Files or Directories Accessible to External Parties vulnerability in Cisco Nexus Insights
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application.
network
low complexity
cisco CWE-552
4.3
2021-08-31 CVE-2021-36233 Files or Directories Accessible to External Parties vulnerability in Unit4 Mik.Starlight 7.9.5.24363
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
network
low complexity
unit4 CWE-552
6.5
2021-08-20 CVE-2020-25351 Files or Directories Accessible to External Parties vulnerability in Rconfig 3.9.5
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6.
network
low complexity
rconfig CWE-552
6.5
2021-08-18 CVE-2020-22124 Files or Directories Accessible to External Parties vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.
network
low complexity
joyplus-cms-project CWE-552
7.5
2021-08-16 CVE-2021-38711 Files or Directories Accessible to External Parties vulnerability in Gitit Project Gitit
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.
network
low complexity
gitit-project CWE-552
7.5
2021-08-13 CVE-2021-37348 Files or Directories Accessible to External Parties vulnerability in Nagios XI
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
network
low complexity
nagios CWE-552
7.5
2021-08-05 CVE-2021-29969 Files or Directories Accessible to External Parties vulnerability in Mozilla Thunderbird
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data.
network
high complexity
mozilla CWE-552
5.9
2021-08-03 CVE-2021-36763 Files or Directories Accessible to External Parties vulnerability in Codesys products
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
network
low complexity
codesys CWE-552
7.5
2021-07-09 CVE-2021-32752 Files or Directories Accessible to External Parties vulnerability in Ethercreative Logs
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section.
network
low complexity
ethercreative CWE-552
4.9
2021-06-09 CVE-2021-33359 Files or Directories Accessible to External Parties vulnerability in Sensepost Gowitness
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.
network
low complexity
sensepost CWE-552
7.5