Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2021-06-03 CVE-2021-31831 Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security 4.6.6/4.8.0
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console.
low complexity
mcafee CWE-552
5.5
2021-05-26 CVE-2018-10863 Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL.
network
low complexity
redhat CWE-552
7.5
2021-05-26 CVE-2018-10867 Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.
network
low complexity
redhat CWE-552
critical
9.1
2021-05-17 CVE-2021-29024 Files or Directories Accessible to External Parties vulnerability in Invoiceplane 1.5.11
In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download.
network
low complexity
invoiceplane CWE-552
7.5
2021-04-29 CVE-2021-1256 Files or Directories Accessible to External Parties vulnerability in Cisco Firepower Threat Defense
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques.
local
low complexity
cisco CWE-552
6.0
2021-04-05 CVE-2021-24154 Files or Directories Accessible to External Parties vulnerability in Themeeditor Theme Editor
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd
network
low complexity
themeeditor CWE-552
4.9
2021-01-14 CVE-2020-27368 Files or Directories Accessible to External Parties vulnerability in Totolink A702R Firmware 1.0.0B20161227.1023
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.
local
low complexity
totolink CWE-552
5.5
2021-01-05 CVE-2020-17519 Files or Directories Accessible to External Parties vulnerability in Apache Flink 1.11.0/1.11.1/1.11.2
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process.
network
low complexity
apache CWE-552
7.5
2020-11-17 CVE-2020-26549 Files or Directories Accessible to External Parties vulnerability in Aviatrix Controller 5.3.1516
An issue was discovered in Aviatrix Controller before R5.4.1290.
network
low complexity
aviatrix CWE-552
7.5
2020-11-03 CVE-2020-1908 Files or Directories Accessible to External Parties vulnerability in Whatsapp and Whatsapp Business
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.
low complexity
whatsapp CWE-552
4.6