Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-48661 | Files or Directories Accessible to External Parties vulnerability in Dell products Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. | 4.9 |
| 2023-12-11 | CVE-2023-5907 | Files or Directories Accessible to External Parties vulnerability in Bitapps File Manager The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files. | 6.5 |
| 2023-12-07 | CVE-2023-50164 | Files or Directories Accessible to External Parties vulnerability in Apache Struts An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | 9.8 |
| 2023-11-30 | CVE-2023-6375 | Files or Directories Accessible to External Parties vulnerability in Tylertech Court Case Management Plus Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. | 7.5 |
| 2023-11-17 | CVE-2023-39545 | Files or Directories Accessible to External Parties vulnerability in NEC products CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | 8.8 |
| 2023-11-09 | CVE-2023-47612 | Files or Directories Accessible to External Parties vulnerability in Telit products A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories. | 6.1 |
| 2023-11-07 | CVE-2023-42534 | Files or Directories Accessible to External Parties vulnerability in Samsung Android 12.0/13.0 Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | 5.5 |
| 2023-11-06 | CVE-2023-4930 | Files or Directories Accessible to External Parties vulnerability in Shamimsplugins Front END PM The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | 6.5 |
| 2023-11-02 | CVE-2023-31017 | Files or Directories Accessible to External Parties vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. | 7.8 |
| 2023-10-31 | CVE-2023-5099 | Files or Directories Accessible to External Parties vulnerability in Jonashjalmarsson Html Filter and Csv-File Search The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. | 8.8 |