Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2022-08-16 CVE-2022-36306 Files or Directories Accessible to External Parties vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file.
network
low complexity
airspan CWE-552
6.5
2022-08-10 CVE-2022-22490 Files or Directories Accessible to External Parties vulnerability in IBM products
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information.
network
low complexity
ibm CWE-552
4.9
2022-08-01 CVE-2022-1585 Files or Directories Accessible to External Parties vulnerability in Project-Source-Code-Download Project Project-Source-Code-Download 1.0.0
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
7.5
2022-07-30 CVE-2022-33158 Files or Directories Accessible to External Parties vulnerability in Trendmicro VPN Proxy ONE PRO
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.
local
low complexity
trendmicro CWE-552
7.8
2022-07-20 CVE-2022-34049 Files or Directories Accessible to External Parties vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.
network
low complexity
wavlink CWE-552
5.3
2022-07-17 CVE-2021-40150 Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path.
network
low complexity
reolink CWE-552
7.5
2022-07-17 CVE-2021-40149 Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory.
network
high complexity
reolink CWE-552
5.9
2022-07-12 CVE-2022-33686 Files or Directories Accessible to External Parties vulnerability in Google Android 10.0/11.0/12.0
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows a local attacker to access iccid via log.
local
low complexity
google CWE-552
2.3
2022-07-06 CVE-2022-24138 Files or Directories Accessible to External Parties vulnerability in Iobit Advanced Systemcare 15
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder, which has "rwx" permissions for unprivileged users.
local
low complexity
iobit CWE-552
7.8
2022-05-26 CVE-2022-29720 Files or Directories Accessible to External Parties vulnerability in 74Cms 74Cmsse 3.5.1
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.
network
low complexity
74cms CWE-552
7.5