Vulnerabilities > Files or Directories Accessible to External Parties

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-23	CVE-2017-7079	Files or Directories Accessible to External Parties vulnerability in Apple Itunes An issue was discovered in certain Apple products. local low complexity apple CWE-552	5.5
2017-10-13	CVE-2017-11829	Files or Directories Accessible to External Parties vulnerability in Microsoft Windows 10 and Windows Server 2016 Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. local low complexity microsoft CWE-552	5.5
2017-09-30	CVE-2017-14942	Files or Directories Accessible to External Parties vulnerability in Intelbras WRN 150 Firmware 1.0.1 Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. network low complexity intelbras CWE-552 critical	9.8
2017-09-28	CVE-2017-2551	Files or Directories Accessible to External Parties vulnerability in Inpsyde Backwpup Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. network low complexity inpsyde CWE-552	7.5
2017-09-19	CVE-2017-10930	Files or Directories Accessible to External Parties vulnerability in ZTE products The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. network low complexity zte CWE-552 critical	9.8
2017-08-17	CVE-2017-6774	Files or Directories Accessible to External Parties vulnerability in Cisco ASR 5000 Software 21.0.V0.65839 A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. network low complexity cisco CWE-552	5.0
2017-08-10	CVE-2017-7737	Files or Directories Accessible to External Parties vulnerability in Fortinet Fortiweb An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. network low complexity fortinet CWE-552	4.9
2017-07-30	CVE-2017-11746	Files or Directories Accessible to External Parties vulnerability in Inversepath Tenshi 0.15 Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. network low complexity inversepath CWE-552	7.5
2017-07-13	CVE-2017-1308	Files or Directories Accessible to External Parties vulnerability in IBM Daeja Viewone 4.1.5/4.1.5.1/5.0 IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. network low complexity ibm CWE-552	6.5
2017-05-25	CVE-2015-5211	Files or Directories Accessible to External Parties vulnerability in multiple products Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. network low complexity vmware debian CWE-552 critical	9.6