Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2021-08-18 CVE-2020-22124 Files or Directories Accessible to External Parties vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.
network
low complexity
joyplus-cms-project CWE-552
7.5
7.5
2021-08-16 CVE-2021-38711 Files or Directories Accessible to External Parties vulnerability in Gitit Project Gitit
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.
network
low complexity
gitit-project CWE-552
7.5
7.5
2021-08-13 CVE-2021-37348 Files or Directories Accessible to External Parties vulnerability in Nagios XI
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
network
low complexity
nagios CWE-552
7.5
7.5
2021-08-05 CVE-2021-29969 Files or Directories Accessible to External Parties vulnerability in Mozilla Thunderbird
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data.
network
high complexity
mozilla CWE-552
5.9
5.9
2021-08-03 CVE-2021-36763 Files or Directories Accessible to External Parties vulnerability in Codesys products
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
network
low complexity
codesys CWE-552
7.5
7.5
2021-07-09 CVE-2021-32752 Files or Directories Accessible to External Parties vulnerability in Ethercreative Logs
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section.
network
low complexity
ethercreative CWE-552
4.9
4.9
2021-06-11 CVE-2021-22769 Files or Directories Accessible to External Parties vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7/2.7.1
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.
network
low complexity
schneider-electric CWE-552
4.3
4.3
2021-06-09 CVE-2021-33359 Files or Directories Accessible to External Parties vulnerability in Sensepost Gowitness
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.
network
low complexity
sensepost CWE-552
7.5
7.5
2021-06-03 CVE-2021-31831 Files or Directories Accessible to External Parties vulnerability in Mcafee Database Security 4.6.6/4.8.0
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console.
low complexity
mcafee CWE-552
5.5
5.5
2021-05-26 CVE-2018-10863 Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL.
network
low complexity
redhat CWE-552
7.5
7.5