Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2018-01-18 CVE-2018-0106 Files or Directories Accessible to External Parties vulnerability in Cisco Elastic Services Controller
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system.
local
low complexity
cisco CWE-552
3.3
3.3
2017-11-09 CVE-2017-16651 Files or Directories Accessible to External Parties vulnerability in multiple products
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017.
local
low complexity
roundcube debian CWE-552
7.8
7.8
2017-10-23 CVE-2017-7079 Files or Directories Accessible to External Parties vulnerability in Apple Itunes
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-552
5.5
5.5
2017-10-13 CVE-2017-11829 Files or Directories Accessible to External Parties vulnerability in Microsoft Windows 10 and Windows Server 2016
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions.
local
low complexity
microsoft CWE-552
5.5
5.5
2017-09-30 CVE-2017-14942 Files or Directories Accessible to External Parties vulnerability in Intelbras WRN 150 Firmware 1.0.1
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
network
low complexity
intelbras CWE-552
critical
 9.8
9.8
2017-09-28 CVE-2017-2551 Files or Directories Accessible to External Parties vulnerability in Inpsyde Backwpup
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.
network
low complexity
inpsyde CWE-552
7.5
7.5
2017-09-19 CVE-2017-10930 Files or Directories Accessible to External Parties vulnerability in ZTE Zxr10 1800-2S Firmware
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
network
low complexity
zte CWE-552
critical
 9.8
9.8
2017-08-17 CVE-2017-6774 Files or Directories Accessible to External Parties vulnerability in Cisco ASR 5000 Software 21.0.V0.65839
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files.
network
low complexity
cisco CWE-552
5.0
5.0
2017-08-10 CVE-2017-7737 Files or Directories Accessible to External Parties vulnerability in Fortinet Fortiweb
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
network
low complexity
fortinet CWE-552
4.9
4.9
2017-07-30 CVE-2017-11746 Files or Directories Accessible to External Parties vulnerability in Inversepath Tenshi 0.15
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command.
network
low complexity
inversepath CWE-552
7.5
7.5