Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2020-02-03 CVE-2020-3926 Files or Directories Accessible to External Parties vulnerability in Changingtec Servisign 1.0.19.0617
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
network
low complexity
changingtec CWE-552
7.5
7.5
2019-12-02 CVE-2019-19018 Files or Directories Accessible to External Parties vulnerability in Titanhq Webtitan
An issue was discovered in TitanHQ WebTitan before 5.18.
network
low complexity
titanhq CWE-552
2.7
2.7
2019-11-05 CVE-2019-17221 Files or Directories Accessible to External Parties vulnerability in Phantomjs
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI.
network
low complexity
phantomjs CWE-552
7.5
7.5
2019-10-24 CVE-2019-4398 Files or Directories Accessible to External Parties vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies.
local
low complexity
ibm CWE-552
3.3
3.3
2019-10-09 CVE-2019-17112 Files or Directories Accessible to External Parties vulnerability in Zohocorp Manageengine Datasecurity Plus
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012.
network
low complexity
zohocorp CWE-552
4.3
4.3
2019-10-08 CVE-2019-0381 Files or Directories Accessible to External Parties vulnerability in SAP Dynamic Tier, SAP IQ and SQL Anywhere
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
local
low complexity
sap CWE-552
5.5
5.5
2019-10-04 CVE-2019-17130 Files or Directories Accessible to External Parties vulnerability in Vbulletin
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
network
low complexity
vbulletin CWE-552
6.5
6.5
2019-09-26 CVE-2019-14273 Files or Directories Accessible to External Parties vulnerability in Silverstripe
In SilverStripe assets 4.0, there is broken access control on files.
network
low complexity
silverstripe CWE-552
5.3
5.3
2019-09-16 CVE-2019-13140 Files or Directories Accessible to External Parties vulnerability in Intenogroup Eg200 Firmware Eg200Wu7P1Uadamo3.16.41902261650
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus.
network
low complexity
intenogroup CWE-552
6.5
6.5
2019-08-01 CVE-2016-10829 Files or Directories Accessible to External Parties vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
network
low complexity
cpanel CWE-552
6.5
6.5