Vulnerabilities > Files or Directories Accessible to External Parties
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-16 | CVE-2022-36306 | Files or Directories Accessible to External Parties vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. | 6.5 |
2022-08-10 | CVE-2022-22490 | Files or Directories Accessible to External Parties vulnerability in IBM products IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. | 4.9 |
2022-08-01 | CVE-2022-1585 | Files or Directories Accessible to External Parties vulnerability in Project-Source-Code-Download Project Project-Source-Code-Download 1.0.0 The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php. | 7.5 |
2022-07-30 | CVE-2022-33158 | Files or Directories Accessible to External Parties vulnerability in Trendmicro VPN Proxy ONE PRO Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | 7.8 |
2022-07-20 | CVE-2022-34049 | Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data. | 5.3 |
2022-07-17 | CVE-2021-40150 | Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716 The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. | 7.5 |
2022-07-17 | CVE-2021-40149 | Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716 The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. | 5.9 |
2022-07-12 | CVE-2022-33686 | Files or Directories Accessible to External Parties vulnerability in Google Android 10.0/11.0/12.0 Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | 2.3 |
2022-07-06 | CVE-2022-24138 | Files or Directories Accessible to External Parties vulnerability in Iobit Advanced Systemcare 15 IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. | 7.8 |
2022-05-26 | CVE-2022-29720 | Files or Directories Accessible to External Parties vulnerability in 74Cms 74Cmsse 3.5.1 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | 7.5 |