Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2023-42534 | Files or Directories Accessible to External Parties vulnerability in Samsung Android 12.0/13.0 Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | 5.5 |
| 2023-11-06 | CVE-2023-4930 | Files or Directories Accessible to External Parties vulnerability in Shamimsplugins Front END PM The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | 6.5 |
| 2023-11-02 | CVE-2023-31017 | Files or Directories Accessible to External Parties vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. | 7.8 |
| 2023-10-31 | CVE-2023-5099 | Files or Directories Accessible to External Parties vulnerability in Jonashjalmarsson Html Filter and Csv-File Search The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. | 8.8 |
| 2023-10-30 | CVE-2023-5199 | Files or Directories Accessible to External Parties vulnerability in PHP to Page Project PHP to Page 0.3 The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. | 8.8 |
| 2023-10-25 | CVE-2023-26580 | Files or Directories Accessible to External Parties vulnerability in Idattend Idweb 3.1.013/3.1.052 Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | 7.5 |
| 2023-10-23 | CVE-2023-33517 | Files or Directories Accessible to External Parties vulnerability in Carrental Project Carrental 1.0 carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). | 7.5 |
| 2023-10-16 | CVE-2023-3155 | Files or Directories Accessible to External Parties vulnerability in Imagely Nextgen Gallery The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. | 7.2 |
| 2023-10-16 | CVE-2023-4933 | Files or Directories Accessible to External Parties vulnerability in Awsm WP JOB Openings The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | 5.3 |
| 2023-10-09 | CVE-2023-5101 | Files or Directories Accessible to External Parties vulnerability in Sick Apu0200 Firmware Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. | 5.3 |