Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2024-06-05 CVE-2024-5262 Files or Directories Accessible to External Parties vulnerability in Projectdiscovery Interactsh
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login.
network
low complexity
projectdiscovery CWE-552
critical
 9.8
9.8
2024-02-06 CVE-2024-22240 Files or Directories Accessible to External Parties vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
network
low complexity
vmware CWE-552
4.9
4.9
2024-02-02 CVE-2024-24161 Files or Directories Accessible to External Parties vulnerability in Mrcms 3.0
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.
network
low complexity
mrcms CWE-552
7.5
7.5
2024-01-29 CVE-2023-4550 Files or Directories Accessible to External Parties vulnerability in Opentext Appbuilder 21.2
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted.
network
low complexity
opentext CWE-552
7.5
7.5
2024-01-16 CVE-2023-52112 Files or Directories Accessible to External Parties vulnerability in Huawei Emui and Harmonyos
Unauthorized file access vulnerability in the wallpaper service module.
network
low complexity
huawei CWE-552
5.3
5.3
2024-01-11 CVE-2023-6266 Files or Directories Accessible to External Parties vulnerability in Backupbliss Backup Migration
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6.
network
low complexity
backupbliss CWE-552
7.5
7.5
2023-12-26 CVE-2023-6114 Files or Directories Accessible to External Parties vulnerability in Awesomemotive Duplicator
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data.
network
low complexity
awesomemotive CWE-552
7.5
7.5
2023-12-14 CVE-2023-48661 Files or Directories Accessible to External Parties vulnerability in Dell products
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability.
network
low complexity
dell CWE-552
4.9
4.9
2023-12-11 CVE-2023-5907 Files or Directories Accessible to External Parties vulnerability in Bitapps File Manager
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.
network
low complexity
bitapps CWE-552
6.5
6.5
2023-11-30 CVE-2023-6375 Files or Directories Accessible to External Parties vulnerability in Tylertech Court Case Management Plus
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker.
network
low complexity
tylertech CWE-552
7.5
7.5