Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2019-10-09 CVE-2019-17112 Files or Directories Accessible to External Parties vulnerability in Zohocorp Manageengine Datasecurity Plus
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012.
network
low complexity
zohocorp CWE-552
4.3
2019-10-08 CVE-2019-0381 Files or Directories Accessible to External Parties vulnerability in SAP Dynamic Tier, SAP IQ and SQL Anywhere
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
local
low complexity
sap CWE-552
5.5
2019-10-04 CVE-2019-17130 Files or Directories Accessible to External Parties vulnerability in Vbulletin
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
network
low complexity
vbulletin CWE-552
6.5
2019-09-26 CVE-2019-14273 Files or Directories Accessible to External Parties vulnerability in Silverstripe
In SilverStripe assets 4.0, there is broken access control on files.
network
low complexity
silverstripe CWE-552
5.3
2019-09-16 CVE-2019-13140 Files or Directories Accessible to External Parties vulnerability in Intenogroup Eg200 Firmware Eg200Wu7P1Uadamo3.16.41902261650
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus.
network
low complexity
intenogroup CWE-552
6.5
2019-08-01 CVE-2016-10829 Files or Directories Accessible to External Parties vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
network
low complexity
cpanel CWE-552
6.5
2019-07-24 CVE-2019-3622 Files or Directories Accessible to External Parties vulnerability in Mcafee Data Loss Prevention Endpoint
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.
local
low complexity
mcafee CWE-552
8.2
2019-07-08 CVE-2019-13404 Files or Directories Accessible to External Parties vulnerability in Python
The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code.
local
low complexity
python CWE-552
7.8
2019-06-03 CVE-2019-12375 Files or Directories Accessible to External Parties vulnerability in Ivanti Landesk Management Suite 10.0.1.168
Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution.
low complexity
ivanti CWE-552
6.3
2019-02-11 CVE-2018-9587 Files or Directories Accessible to External Parties vulnerability in Google Android
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario.
local
low complexity
google CWE-552
7.3