Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2021-33359 | Files or Directories Accessible to External Parties vulnerability in Sensepost Gowitness A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file. | 7.5 |
| 2021-06-03 | CVE-2021-31831 | Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security 4.6.6/4.8.0 Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. | 5.5 |
| 2021-05-26 | CVE-2018-10863 | Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0 It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. | 7.5 |
| 2021-05-26 | CVE-2018-10867 | Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0 Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. | 9.1 |
| 2021-05-17 | CVE-2021-29024 | Files or Directories Accessible to External Parties vulnerability in Invoiceplane 1.5.11 In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. | 7.5 |
| 2021-04-29 | CVE-2021-1256 | Files or Directories Accessible to External Parties vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. | 6.0 |
| 2021-04-05 | CVE-2021-24154 | Files or Directories Accessible to External Parties vulnerability in Themeeditor Theme Editor The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd | 4.9 |
| 2021-01-14 | CVE-2020-27368 | Files or Directories Accessible to External Parties vulnerability in Totolink A702R Firmware 1.0.0B20161227.1023 Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter. | 5.5 |
| 2021-01-05 | CVE-2020-17519 | Files or Directories Accessible to External Parties vulnerability in Apache Flink 1.11.0/1.11.1/1.11.2 A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. | 7.5 |
| 2020-11-17 | CVE-2020-26549 | Files or Directories Accessible to External Parties vulnerability in Aviatrix Controller 5.3.1516 An issue was discovered in Aviatrix Controller before R5.4.1290. | 7.5 |