ReportizFlow
Filtered by vendor
Subscriptions
Total
488 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33568 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-01-03 | 7.5 High |
| An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. | ||||
| CVE-2023-34645 | 1 Jflyfox | 1 Jfinal Cms | 2024-12-18 | 7.5 High |
| jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | ||||
| CVE-2022-42834 | 1 Apple | 1 Macos | 2024-12-10 | 3.3 Low |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression | ||||
| CVE-2023-5101 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-12-09 | 5.3 Medium |
| Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. | ||||
| CVE-2023-29931 | 1 Laravels Project | 1 Laravels | 2024-12-07 | 9.8 Critical |
| laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. | ||||
| CVE-2023-36664 | 4 Artifex, Debian, Fedoraproject and 1 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2024-12-05 | 7.8 High |
| Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | ||||
| CVE-2024-6209 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2024-12-05 | 10 Critical |
| Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized | ||||
| CVE-2018-0106 | 1 Cisco | 1 Elastic Services Controller | 2024-12-03 | 3.3 Low |
| A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221. | ||||
| CVE-2023-34834 | 1 Mcl-collection | 2 Mcl-net, Mcl-net Firmware | 2024-11-27 | 5.3 Medium |
| A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint. | ||||
| CVE-2024-5262 | 1 Projectdiscovery | 1 Interactsh | 2024-11-21 | 9.8 Critical |
| Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login. | ||||
| CVE-2024-5056 | 1 Schneider-electric | 6 Bmxnoe0100, Bmxnoe0100 Firmware, Bmxnoe0110 and 3 more | 2024-11-21 | 6.5 Medium |
| CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. | ||||
| CVE-2024-38429 | 1 Matrix-globalservices | 1 Tafnit | 2024-11-21 | 7.5 High |
| Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties | ||||
| CVE-2024-1005 | 1 Shanxi Tianneng Technology | 1 Noderp | 2024-11-21 | 5.3 Medium |
| A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6375 | 1 Tylertech | 1 Court Case Management Plus | 2024-11-21 | 5.3 Medium |
| Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials. | ||||
| CVE-2023-6114 | 1 Awesomemotive | 1 Duplicator | 2024-11-21 | 7.5 High |
| The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site. | ||||
| CVE-2023-5297 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927. | ||||
| CVE-2023-4933 | 1 Awsm | 1 Wp Job Openings | 2024-11-21 | 5.3 Medium |
| The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | ||||
| CVE-2023-4588 | 1 Delinea | 1 Secret Server | 2024-11-21 | 6.8 Medium |
| File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text. | ||||
| CVE-2023-4550 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | 7.5 High |
| Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. This issue affects AppBuilder: from 21.2 before 23.2. | ||||
| CVE-2023-4475 | 1 Asustor | 1 Data Master | 2024-11-21 | 7.5 High |
| An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | ||||