Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2020-03-18 CVE-2019-20529 Files or Directories Accessible to External Parties vulnerability in Frappe 11.0.0/12.0.0
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
network
low complexity
frappe CWE-552
7.5
2020-03-05 CVE-2020-5250 Files or Directories Accessible to External Parties vulnerability in Prestashop
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address.
network
low complexity
prestashop CWE-552
6.3
2020-03-05 CVE-2020-10105 Files or Directories Accessible to External Parties vulnerability in Zammad
An issue was discovered in Zammad 3.0 through 3.2.
network
low complexity
zammad CWE-552
5.3
2020-02-17 CVE-2015-4715 Files or Directories Accessible to External Parties vulnerability in Owncloud
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
network
low complexity
owncloud CWE-552
4.9
2020-02-11 CVE-2019-13941 Files or Directories Accessible to External Parties vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00).
network
low complexity
siemens CWE-552
7.5
2020-02-03 CVE-2020-3927 Files or Directories Accessible to External Parties vulnerability in Changingtec Servisign 1.0.19.0617
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
network
low complexity
changingtec CWE-552
7.5
2020-02-03 CVE-2020-3926 Files or Directories Accessible to External Parties vulnerability in Changingtec Servisign 1.0.19.0617
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
network
low complexity
changingtec CWE-552
7.5
2019-12-02 CVE-2019-19018 Files or Directories Accessible to External Parties vulnerability in Titanhq Webtitan
An issue was discovered in TitanHQ WebTitan before 5.18.
network
low complexity
titanhq CWE-552
2.7
2019-11-05 CVE-2019-17221 Files or Directories Accessible to External Parties vulnerability in Phantomjs
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI.
network
low complexity
phantomjs CWE-552
7.5
2019-10-24 CVE-2019-4398 Files or Directories Accessible to External Parties vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies.
local
low complexity
ibm CWE-552
3.3