Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-31 | CVE-2023-41717 | Files or Directories Accessible to External Parties vulnerability in Zscaler Proxy 3.6.1.25 Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. | 5.5 |
| 2023-08-22 | CVE-2023-4475 | Files or Directories Accessible to External Parties vulnerability in Asustor Data Master An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. | 5.5 |
| 2023-08-03 | CVE-2023-38952 | Files or Directories Accessible to External Parties vulnerability in Zkteco Biotime 8.5.5 Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. | 7.5 |
| 2023-08-03 | CVE-2023-38948 | Files or Directories Accessible to External Parties vulnerability in Jizhicms 1.9.5 An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | 7.2 |
| 2023-07-30 | CVE-2023-32226 | Files or Directories Accessible to External Parties vulnerability in Sysaid On-Premises Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. | 6.5 |
| 2023-07-13 | CVE-2023-29450 | Files or Directories Accessible to External Parties vulnerability in Zabbix JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | 7.5 |
| 2023-07-10 | CVE-2023-34316 | Files or Directories Accessible to External Parties vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A/1.0.5 ?An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. | 7.5 |
| 2023-07-05 | CVE-2023-2538 | Files or Directories Accessible to External Parties vulnerability in Tyan products A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. | 4.2 |
| 2023-06-16 | CVE-2023-34645 | Files or Directories Accessible to External Parties vulnerability in Jflyfox Jfinal CMS 5.1.0 jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | 7.5 |
| 2023-06-14 | CVE-2023-2976 | Files or Directories Accessible to External Parties vulnerability in Google Guava Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. | 7.1 |