Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-16 | CVE-2019-13140 | Files or Directories Accessible to External Parties vulnerability in Intenogroup Eg200 Firmware Eg200Wu7P1Uadamo3.16.41902261650 Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. | 6.5 |
| 2019-08-01 | CVE-2016-10829 | Files or Directories Accessible to External Parties vulnerability in Cpanel cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | 6.5 |
| 2019-07-24 | CVE-2019-3622 | Files or Directories Accessible to External Parties vulnerability in Mcafee Data Loss Prevention Endpoint Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | 8.2 |
| 2019-07-08 | CVE-2019-13404 | Files or Directories Accessible to External Parties vulnerability in Python The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. | 7.8 |
| 2019-06-03 | CVE-2019-12375 | Files or Directories Accessible to External Parties vulnerability in Ivanti Landesk Management Suite 10.0.1.168 Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | 6.3 |
| 2019-02-11 | CVE-2018-9587 | Files or Directories Accessible to External Parties vulnerability in Google Android In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. | 7.3 |
| 2019-01-22 | CVE-2017-6922 | Files or Directories Accessible to External Parties vulnerability in multiple products In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. | 6.5 |
| 2018-09-12 | CVE-2018-16946 | Files or Directories Accessible to External Parties vulnerability in LG products LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. | 7.5 |
| 2018-06-11 | CVE-2018-5112 | Files or Directories Accessible to External Parties vulnerability in multiple products Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. | 7.5 |
| 2018-03-23 | CVE-2017-1602 | Files or Directories Accessible to External Parties vulnerability in IBM products IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. | 4.3 |