Vulnerabilities > Files or Directories Accessible to External Parties
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-18 | CVE-2019-20529 | Files or Directories Accessible to External Parties vulnerability in Frappe 11.0.0/12.0.0 In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files. | 7.5 |
2020-03-05 | CVE-2020-5250 | Files or Directories Accessible to External Parties vulnerability in Prestashop In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. | 6.3 |
2020-03-05 | CVE-2020-10105 | Files or Directories Accessible to External Parties vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.3 |
2020-02-17 | CVE-2015-4715 | Files or Directories Accessible to External Parties vulnerability in Owncloud The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. | 4.9 |
2020-02-11 | CVE-2019-13941 | Files or Directories Accessible to External Parties vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). | 7.5 |
2020-02-03 | CVE-2020-3927 | Files or Directories Accessible to External Parties vulnerability in Changingtec Servisign 1.0.19.0617 An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | 7.5 |
2020-02-03 | CVE-2020-3926 | Files or Directories Accessible to External Parties vulnerability in Changingtec Servisign 1.0.19.0617 An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | 7.5 |
2019-12-02 | CVE-2019-19018 | Files or Directories Accessible to External Parties vulnerability in Titanhq Webtitan An issue was discovered in TitanHQ WebTitan before 5.18. | 2.7 |
2019-11-05 | CVE-2019-17221 | Files or Directories Accessible to External Parties vulnerability in Phantomjs PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. | 7.5 |
2019-10-24 | CVE-2019-4398 | Files or Directories Accessible to External Parties vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. | 3.3 |