Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2023-10-16 CVE-2023-3155 Files or Directories Accessible to External Parties vulnerability in Imagely Nextgen Gallery
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.
network
low complexity
imagely CWE-552
7.2
7.2
2023-10-16 CVE-2023-4933 Files or Directories Accessible to External Parties vulnerability in Awsm WP JOB Openings
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
network
low complexity
awsm CWE-552
5.3
5.3
2023-10-09 CVE-2023-5101 Files or Directories Accessible to External Parties vulnerability in Sick Apu0200 Firmware
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests.
network
low complexity
sick CWE-552
5.3
5.3
2023-10-05 CVE-2023-45160 Files or Directories Accessible to External Parties vulnerability in 1E Client
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script.
network
low complexity
1e CWE-552
8.8
8.8
2023-09-29 CVE-2023-5297 Files or Directories Accessible to External Parties vulnerability in Rockoa 2.3.2
A vulnerability was found in Xinhu RockOA 2.3.2.
network
low complexity
rockoa CWE-552
7.5
7.5
2023-09-27 CVE-2023-43856 Files or Directories Accessible to External Parties vulnerability in Iteachyou Dreamer CMS 4.1.3
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
network
low complexity
iteachyou CWE-552
7.5
7.5
2023-09-12 CVE-2023-3712 Files or Directories Accessible to External Parties vulnerability in Honeywell Pm43 Firmware
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.  Update to the latest available firmware version of the respective printers to version MR19.5 (e.g.
local
low complexity
honeywell CWE-552
7.8
7.8
2023-09-06 CVE-2023-4588 Files or Directories Accessible to External Parties vulnerability in Delinea Secret Server 10.9.000002/11.4.000002
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions.
network
low complexity
delinea CWE-552
4.9
4.9
2023-09-03 CVE-2023-4743 Files or Directories Accessible to External Parties vulnerability in Iteachyou Dreamer CMS
A vulnerability was found in Dreamer CMS up to 4.1.3.
network
high complexity
iteachyou CWE-552
4.8
4.8
2023-08-31 CVE-2023-41717 Files or Directories Accessible to External Parties vulnerability in Zscaler Proxy 3.6.1.25
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions.
local
low complexity
zscaler CWE-552
5.5
5.5