Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-18 | CVE-2017-15104 | Files or Directories Accessible to External Parties vulnerability in multiple products An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. | 7.8 |
| 2017-11-09 | CVE-2017-16651 | Files or Directories Accessible to External Parties vulnerability in multiple products Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. | 4.6 |
| 2017-10-23 | CVE-2017-7079 | Files or Directories Accessible to External Parties vulnerability in Apple Itunes An issue was discovered in certain Apple products. | 4.3 |
| 2017-10-13 | CVE-2017-11829 | Files or Directories Accessible to External Parties vulnerability in Microsoft Windows 10 and Windows Server 2016 Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | 2.1 |
| 2017-09-30 | CVE-2017-14942 | Files or Directories Accessible to External Parties vulnerability in Intelbras WRN 150 Firmware 1.0.1 Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. | 9.8 |
| 2017-09-28 | CVE-2017-2551 | Files or Directories Accessible to External Parties vulnerability in Inpsyde Backwpup Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. | 5.0 |
| 2017-09-19 | CVE-2017-10930 | Files or Directories Accessible to External Parties vulnerability in ZTE Zxr10 1800-2S Firmware The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | 5.0 |
| 2017-08-17 | CVE-2017-6774 | Files or Directories Accessible to External Parties vulnerability in Cisco ASR 5000 Software 21.0.V0.65839 A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. | 4.0 |
| 2017-07-30 | CVE-2017-11746 | Files or Directories Accessible to External Parties vulnerability in Inversepath Tenshi 0.15 Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. | 7.8 |
| 2017-07-13 | CVE-2017-1308 | Files or Directories Accessible to External Parties vulnerability in IBM Daeja Viewone 4.1.5/4.1.5.1/5.0 IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. | 4.0 |