Vulnerabilities > Files or Directories Accessible to External Parties
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-03 | CVE-2021-31831 | Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security 4.6.6/4.8.0 Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. | 5.5 |
2021-05-26 | CVE-2018-10863 | Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0 It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. | 7.5 |
2021-05-26 | CVE-2018-10867 | Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0 Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. | 9.1 |
2021-05-17 | CVE-2021-29024 | Files or Directories Accessible to External Parties vulnerability in Invoiceplane 1.5.11 In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. | 7.5 |
2021-04-29 | CVE-2021-1256 | Files or Directories Accessible to External Parties vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. | 6.0 |
2021-04-05 | CVE-2021-24154 | Files or Directories Accessible to External Parties vulnerability in Themeeditor Theme Editor The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd | 4.9 |
2021-01-14 | CVE-2020-27368 | Files or Directories Accessible to External Parties vulnerability in Totolink A702R Firmware 1.0.0B20161227.1023 Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter. | 5.5 |
2021-01-05 | CVE-2020-17519 | Files or Directories Accessible to External Parties vulnerability in Apache Flink 1.11.0/1.11.1/1.11.2 A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. | 7.5 |
2020-11-17 | CVE-2020-26549 | Files or Directories Accessible to External Parties vulnerability in Aviatrix Controller 5.3.1516 An issue was discovered in Aviatrix Controller before R5.4.1290. | 7.5 |
2020-11-03 | CVE-2020-1908 | Files or Directories Accessible to External Parties vulnerability in Whatsapp and Whatsapp Business Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked. | 4.6 |