Vulnerabilities > Files or Directories Accessible to External Parties
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-29 | CVE-2022-40126 | Files or Directories Accessible to External Parties vulnerability in Clash Project Clash 0.19.9: A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. | 7.8 |
2022-09-28 | CVE-2022-3287 | Files or Directories Accessible to External Parties vulnerability in Fwupd: When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | 6.5 |
2022-09-25 | CVE-2022-41343 | Files or Directories Accessible to External Parties vulnerability in Dompdf Project Dompdf: registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | 7.5 |
2022-08-30 | CVE-2022-36552 | Files or Directories Accessible to External Parties vulnerability in Tendacn AC6 Firmware: Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request. | 7.5 |
2022-08-16 | CVE-2022-36306 | Files or Directories Accessible to External Parties vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249: An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. | 6.5 |
2022-08-10 | CVE-2022-22490 | Files or Directories Accessible to External Parties vulnerability in IBM products: IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. | 4.9 |
2022-08-01 | CVE-2022-1585 | Files or Directories Accessible to External Parties vulnerability in Project-Source-Code-Download Project Project-Source-Code-Download 1.0.0: The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php. | 7.5 |
2022-07-30 | CVE-2022-33158 | Files or Directories Accessible to External Parties vulnerability in Trendmicro VPN Proxy ONE PRO: Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | 7.8 |
2022-07-20 | CVE-2022-34049 | Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116: An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data. | 5.3 |
2022-07-17 | CVE-2021-40150 | Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716: The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. | 7.5 |