CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2024-8655A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 5.3 | - | - | ||
CVE-2024-8535Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources | CVSS 8.8 | Citrix | - | - | |
CVE-2024-7729The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files. | CVSS 7.5 | - | - | ||
CVE-2024-7107Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.This issue affects CyberMath: before CYBM.240816253. | CVSS 7.5 | Nationalkeep | - | - | |
CVE-2024-6911Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0. | CVSS 7.5 | Exploit | - | ||
CVE-2024-6878Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.This issue affects Panel: before v2.3.24. | CVSS 7.5 | - | - | ||
CVE-2024-6209Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series
v <=3.08.01
; MATRIX Series
v<=3.08.01 allows Attacker to access files unauthorized | CVSS 7.5 | Abb | - | Patched | |
CVE-2024-5587A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 5.3 | Casbin | - | - | |
CVE-2024-5262Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login. | CVSS 9.8 | Projectdiscovery | - | Patched | |
CVE-2024-52292Exposure of Sensitive Information: Arbitrary file read can lead to the exposure of sensitive data such as configuration files (e.g., /etc/passwd, .env, config.php), which may contain credentials, API keys, or database passwords. This can provide the attacker with further access to the system or connected services.
Privilege Escalation: If the attacker is able to read files that contain privileged information, such as credentials for other systems or applications, they may be able to escalate their privileges beyond what the web admin role originally allowed, potentially gaining full control over the server or other related systems.
Server Compromise: Access to files like SSH keys, private certificates, or system configuration files can lead to the complete compromise of the underlying server. With this information, an attacker could remotely log in to the server or impersonate it in secure communications.
Exfiltration of User Data: The ability to read arbitrary files may allow an attacker to access user data, such as stored passwords, session tokens, or private information (like uploaded files or logs), leading to a breach of confidentiality and violating privacy regulations (e.g., GDPR). | CVSS 6.5 | Craftcms | Exploit | Patched | |
CVE-2024-5056CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may
prevent user to update the device firmware and prevent proper behavior of the webserver when
specific files or directories are removed from the filesystem. | CVSS 6.5 | Schneider-electric | - | Patched | |
CVE-2024-5045A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability. | CVSS 5.3 | Online birth certificate management system project | - | - | |
CVE-2024-49756AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would allow their hooks (side effects) to be performed when they should not have been. Note that this does not allow reading new data that the user should not have had access to, only triggering a side effect a user should not have been able to trigger.
To be vulnerable, an affected user must have an update action that is on a resource with no attributes containing an "update default" (updated_at timestamp, for example); can be performed atomically; does not have `require_atomic? false`; has at least one authorizer (typically `Ash.Policy.Authorizer`); and has at least one `change` (on the resource's `changes` block or in the action itself). This is where the side-effects would be performed when they should not have been.
This problem has been patched in `2.4.10` of `ash_postgres`. Several workarounds are available. Potentially affected users may determine that none of their actions are vulnerable using a script the maintainers provide in the GitHub Security Advisory, add `require_atomic? false` to any potentially affected update action, replace any usage of `Ash.update` with `Ash.bulk_update` for an affected action, and/or add an update timestamp to their action. | CVSS 5.3 | Github | - | Patched | |
CVE-2024-49359ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Zima_Server_IP:PORT>/v2_1/file` in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on the server. By manipulating the path parameter, attackers can access sensitive system directories such as `/etc`, potentially exposing critical configuration files and increasing the risk of further attacks. As of time of publication, no known patched versions are available. | CVSS 7.5 | Exploit | Patched | ||
CVE-2024-48838Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | CVSS 3.3 | Dell | - | Patched | |
CVE-2024-48647A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including configuration files that may contain credentials and system settings, which could lead to further compromise of the server. | CVSS 7.2 | - | - | ||
CVE-2024-4836Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user.
The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versions were never affected. | CVSS 7.5 | - | - | ||
CVE-2024-45276An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. | CVSS 7.5 | Helmholz, et al | - | - | |
CVE-2024-44807A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files. | CVSS 5.3 | Basercms | - | - | |
CVE-2024-41699Priority – CWE-552: Files or Directories Accessible to External Parties | CVSS 7.5 | Priority-software | - | - | |
CVE-2024-40767In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498. | CVSS 6.5 | Openstack | Exploit | Patched | |
CVE-2024-39931Gogs through 0.13.0 allows deletion of internal files. | CVSS 9.9 | Gogs | - | Patched | |
CVE-2024-39581Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files. | CVSS 9.8 | Dell | - | Patched | |
CVE-2024-3913An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. | CVSS 5.3 | Phoenixcontact | - | - | |
CVE-2024-38876A vulnerability has been identified in Omnivise T3000 Application Server (All versions >= R9.2), Omnivise T3000 Domain Controller (All versions >= R9.2), Omnivise T3000 Product Data Management (PDM) (All versions >= R9.2), Omnivise T3000 Terminal Server (All versions >= R9.2), Omnivise T3000 Thin Client (All versions >= R9.2), Omnivise T3000 Whitelisting Server (All versions >= R9.2). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. | CVSS 7.8 | Siemens | - | Patched | |
CVE-2024-38429Matrix Tafnit v8
- CWE-552: Files or Directories Accessible to External Parties | CVSS 7.5 | - | - | ||
CVE-2024-36442cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system. | CVSS 8.8 | Ruby-lang | - | - | |
CVE-2024-35183wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than `github.com`. Most git-dependent functionality in wolfictl relies on its own `git` package, which contains centralized logic for implementing interactions with git repositories. Some of this functionality requires authentication in order to access private repositories. A central function `GetGitAuth` looks for a GitHub token in the environment variable `GITHUB_TOKEN` and returns it as an HTTP basic auth object to be used with the `github.com/go-git/go-git/v5` library. Most callers (direct or indirect) of `GetGitAuth` use the token to authenticate to github.com only; however, in some cases callers were passing this authentication without checking that the remote git repository was hosted on github.com. This behavior has existed in one form or another since commit 0d06e1578300327c212dda26a5ab31d09352b9d0 - committed January 25, 2023. This impacts anyone who ran the `wolfictl check update` commands with a Melange configuration that included a `git-checkout` directive step that referenced a git repository not hosted on github.com. This also impacts anyone who ran `wolfictl update <url>` with a remote URL outside of github.com. Additionally, these subcommands must have run with the `GITHUB_TOKEN` environment variable set to a valid GitHub token. Users should upgrade to version 0.16.10 to receive a patch. | CVSS 4.4 | - | - | ||
CVE-2024-34066Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the `ignore_panel_config_updates` option as a workaround. | CVSS 8.4 | Pterodactyl | - | Patched | |
CVE-2024-32498An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered during image upload or when attaching images to virtual machines. During this process, the affected OpenStack services could be tricked into reading or writing to the host with the equivalent privileges of QEMU. This bypasses isolation restrictions, significantly reducing the security of an affected compute host, and could enable arbitrary code execution, a denial of service, or leaking of secrets. If exploited, the immediate impact is limited to an individual compute host. However, if the attacker has access to multiple hosts and enough time to repeat it, they could potentially spread across all compute hosts. | CVSS 6.5 | Openstack | - | Patched | |
CVE-2024-3164In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System Maintenance → Tools portlet. This would share database username and password under Log Files and download DB Dump and other dotCMS Content under Tools. Nothing in the System → Maintenance should be displayed for users with site admin role. Only system admins must have access to System Maintenance.
OWASP Top 10 - A01) Broken Access Control
OWASP Top 10 - A04) Insecure Design
| CVSS 4.5 | Dotcms | - | - | |
CVE-2024-31141Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.
Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables.
In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.
In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products.
This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0.
Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none".
Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds.
For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property.
For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property. | CVSS 6.5 | Apache | - | Patched | |
CVE-2024-27894The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks.
This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true".
This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0.
2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.
2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.
3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.
3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.
3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.
Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.
The updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: "additionalEnabledConnectorUrlPatterns" and "additionalEnabledFunctionsUrlPatterns". These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation. | CVSS 8.5 | Apache | - | Patched | |
CVE-2024-2759Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.
| CVSS Low | Prestashop | - | - | |
CVE-2024-27182In Apache Linkis <= 1.5.0,
Arbitrary file deletion in Basic management services on
A user with an administrator account could delete any file accessible by the Linkis system user
.
Users are recommended to upgrade to version 1.6.0, which fixes this issue. | CVSS 4.9 | Apache | - | Patched | |
CVE-2024-24161MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. | CVSS 7.5 | Mrcms | Exploit | - | |
CVE-2024-23282The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization. | CVSS 5.5 | Apple | - | Patched | |
CVE-2024-22240Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. | CVSS 4.9 | Vmware | - | Patched | |
CVE-2024-21403Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | CVSS 9 | Microsoft | - | Patched | |
CVE-2024-2056Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed. | CVSS 9.8 | - | - | ||
CVE-2024-2055The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. | CVSS 9.8 | Artica-proxy | - | - | |
CVE-2024-2052
CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow
unauthenticated files and logs exfiltration and download of files when an attacker modifies the
URL to download to a different location.
| CVSS 7.5 | - | - | ||
CVE-2024-10526Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. This issue is fixed in version 0.73.3. | CVSS Low | Rapid7 | - | - | |
CVE-2024-1005A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 7.5 | Shanxi tianneng technology | - | - | |
CVE-2023-6375Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.
| CVSS 5.3 | Tylertech | - | - | |
CVE-2023-6266The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more. | CVSS 7.5 | Backupbliss | - | - | |
CVE-2023-6114The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site. | CVSS 7.5 | Awesomemotive | Exploit | - | |
CVE-2023-5907The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files. | CVSS 6.5 | Bitapps | Exploit | - | |
CVE-2023-5297A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927. | CVSS 7.5 | Rockoa | Exploit | - | |
CVE-2023-52112Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally. | CVSS 5.3 | Huawei | - | Patched | |
CVE-2023-5199The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily. | CVSS 8.8 | Php to page project | Exploit | - | |
CVE-2023-5101
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an
unprivileged remote attacker to download various files from the server via HTTP requests.
| CVSS 5.3 | - | Patched | ||
CVE-2023-5099The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | CVSS 8.8 | Jonashjalmarsson | - | Patched | |
CVE-2023-50164An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.1 or greater to fix this issue.
| CVSS 9.8 | Apache | Exploit | Patched | |
CVE-2023-4933The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | CVSS 5.3 | Awsm | Exploit | - | |
CVE-2023-4930The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | CVSS 6.5 | Shamimsplugins | Exploit | - | |
CVE-2023-49198Mysql security vulnerability in Apache SeaTunnel.
Attackers can read files on the MySQL server by modifying the information in the MySQL URL
allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360
This issue affects Apache SeaTunnel: 1.0.0.
Users are recommended to upgrade to version [1.0.1], which fixes the issue. | CVSS 7.5 | Apache, et al | - | Patched | |
CVE-2023-48710iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module.
The `pages/exec.php` script as been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0. | CVSS 9.8 | Combodo | - | - | |
CVE-2023-48661
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.
| CVSS 4.9 | Dell | - | Patched | |
CVE-2023-47612A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories. | CVSS 6.1 | - | - | ||
CVE-2023-4743A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238632. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 4.8 | Dreamer cms project | Exploit | - | |
CVE-2023-4588File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text. | CVSS 4.9 | Delinea | - | - | |
CVE-2023-45594A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | CVSS 6.8 | - | - | ||
CVE-2023-4550Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.
An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted.
This issue affects AppBuilder: from 21.2 before 23.2.
| CVSS 7.5 | Opentext | - | - | |
CVE-2023-45160
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.
Resolution: This has been fixed in patch Q23094
This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site.
Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability. | CVSS 8.8 | 1e | - | Patched | |
CVE-2023-4475An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
| CVSS 5.5 | Asustor | - | Patched | |
CVE-2023-43856Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. | CVSS 7.5 | Dreamer cms project | - | - | |
CVE-2023-42534Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | CVSS 5.5 | Samsung | - | Patched | |
CVE-2023-41916
In Apache Linkis =1.4.0, due to the lack of effective filtering
of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.5.0.
| CVSS 6.5 | Apache | - | Patched | |
CVE-2023-41717Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. | CVSS 5.5 | Zscaler | Exploit | - | |
CVE-2023-39545CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
| CVSS 8.8 | Nec | - | Patched | |
CVE-2023-39480Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549. | CVSS Low | Softing | - | - | |
CVE-2023-39479Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548. | CVSS Low | Softing | - | - | |
CVE-2023-38952Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. | CVSS 7.5 | Zkteco | - | - | |
CVE-2023-38948An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | CVSS 7.2 | Jizhicms | Exploit | - | |
CVE-2023-37551In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. | CVSS 6.5 | Codesys | - | - | |
CVE-2023-3712Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
| CVSS 7.8 | Exploit | - | ||
CVE-2023-34645jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | CVSS 7.5 | Jflyfox | Exploit | - | |
CVE-2023-33517carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). | CVSS 7.5 | Carrental project | Exploit | - | |
CVE-2023-32684Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative path from the instance directory) in a malicious disk image, as the qcow2 (or vmdk) backing file path string. As Lima refuses to run as the root, it is practically impossible for the attacker to read the entire host disk via `/dev/rdiskN`. Also, practically, the attacker cannot read at least the first 512 bytes (MBR) of the target file. The issue has been patched in Lima in version 0.16.0 by prohibiting using a backing file path in the VM base image. | CVSS 2.5 | Linuxfoundation | - | Patched | |
CVE-2023-32226 Sysaid - CWE-552: Files or Directories Accessible to External Parties -
Authenticated users may exfiltrate files from the server via an unspecified method.
| CVSS 6.5 | Sysaid | - | - | |
CVE-2023-3155The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. | CVSS 7.2 | Imagely | Exploit | - | |
CVE-2023-31066Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.
| CVSS 9.1 | Apache | - | Patched | |
CVE-2023-31064Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it.
| CVSS 7.5 | Apache | - | Patched | |
CVE-2023-31017NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | CVSS 7.8 | - | Patched | ||
CVE-2023-2976Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
| CVSS 5.5 | - | Patched | ||
CVE-2023-29450JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | CVSS 7.5 | Zabbix | - | Patched | |
CVE-2023-29107A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources. | CVSS 5.3 | - | Patched | ||
CVE-2023-28375Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. | CVSS 7.5 | - | - | ||
CVE-2023-2766A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 7.5 | Weaver | Exploit | - | |
CVE-2023-26956onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. | CVSS 7.5 | Onekeyadmin | Exploit | - | |
CVE-2023-26948onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. | CVSS 7.5 | Onekeyadmin | Exploit | - | |
CVE-2023-26580Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | CVSS 7.5 | Idattend | - | - | |
CVE-2023-2538A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS. | CVSS 4.2 | Tyan | - | - | |
CVE-2023-23330amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion. | CVSS 7.5 | Amano | Exploit | - | |
CVE-2023-22974A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. | CVSS 7.5 | Open-emr | Exploit | Patched | |
CVE-2023-2180The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server) | CVSS 7.5 | Exploit | - | ||
CVE-2023-20235A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.
This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. | CVSS 8.8 | Cisco | - | Patched | |
CVE-2023-20184Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS 4.3 | Cisco | - | Patched | |
CVE-2023-20183Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS 4.3 | Cisco | - | Patched |