Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-10 | CVE-2019-7305 | Files or Directories Accessible to External Parties vulnerability in Extplorer 1.0.0/2.0.0/2.1.0 Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. | 9.8 |
| 2020-04-01 | CVE-2020-11469 | Files or Directories Accessible to External Parties vulnerability in Zoom Meetings 4.6.8 Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. | 7.8 |
| 2020-03-30 | CVE-2020-5289 | Files or Directories Accessible to External Parties vulnerability in Elide In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. | 6.5 |
| 2020-03-24 | CVE-2019-20593 | Files or Directories Accessible to External Parties vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. | 5.3 |
| 2020-03-18 | CVE-2019-20529 | Files or Directories Accessible to External Parties vulnerability in Frappe 11.0.0/12.0.0 In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files. | 7.5 |
| 2020-03-05 | CVE-2020-5250 | Files or Directories Accessible to External Parties vulnerability in Prestashop In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. | 6.3 |
| 2020-03-05 | CVE-2020-10105 | Files or Directories Accessible to External Parties vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.3 |
| 2020-02-17 | CVE-2015-4715 | Files or Directories Accessible to External Parties vulnerability in Owncloud The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. | 4.9 |
| 2020-02-11 | CVE-2019-13941 | Files or Directories Accessible to External Parties vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). | 7.5 |
| 2020-02-03 | CVE-2020-3927 | Files or Directories Accessible to External Parties vulnerability in Changingtec Servisign 1.0.19.0617 An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | 7.5 |