Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2019-01-22 CVE-2017-6922 Files or Directories Accessible to External Parties vulnerability in multiple products
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users.
network
low complexity
drupal debian CWE-552
6.5
2018-09-12 CVE-2018-16946 Files or Directories Accessible to External Parties vulnerability in LG products
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control.
network
low complexity
lg CWE-552
7.5
2018-06-11 CVE-2018-5112 Files or Directories Accessible to External Parties vulnerability in multiple products
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances.
network
low complexity
mozilla canonical CWE-552
7.5
2018-03-23 CVE-2017-1602 Files or Directories Accessible to External Parties vulnerability in IBM products
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL.
network
low complexity
ibm CWE-552
4.3
2018-01-18 CVE-2018-0106 Files or Directories Accessible to External Parties vulnerability in Cisco Elastic Services Controller
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system.
local
low complexity
cisco CWE-552
3.3
2017-11-09 CVE-2017-16651 Files or Directories Accessible to External Parties vulnerability in multiple products
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017.
local
low complexity
roundcube debian CWE-552
7.8
2017-10-23 CVE-2017-7079 Files or Directories Accessible to External Parties vulnerability in Apple Itunes
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-552
5.5
2017-10-13 CVE-2017-11829 Files or Directories Accessible to External Parties vulnerability in Microsoft Windows 10 and Windows Server 2016
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions.
local
low complexity
microsoft CWE-552
5.5
2017-09-30 CVE-2017-14942 Files or Directories Accessible to External Parties vulnerability in Intelbras WRN 150 Firmware 1.0.1
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
network
low complexity
intelbras CWE-552
critical
9.8
2017-09-28 CVE-2017-2551 Files or Directories Accessible to External Parties vulnerability in Inpsyde Backwpup
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.
network
low complexity
inpsyde CWE-552
7.5