Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2001-1099
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote malicious users to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
Symantec Norton Antivirus 2.5
4.3
CVSSv3
CVE-2020-13349
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>...
Gitlab Gitlab
4.3
CVSSv3
CVE-2023-32985
Jenkins Sidebar Link Plugin 2.2.1 and previous versions does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file syste...
Jenkins Sidebar Link
4.3
CVSSv3
CVE-2023-24449
Jenkins PWauth Security Realm Plugin 0.4 and previous versions does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller fil...
Jenkins Pwauth Security Realm
4.3
CVSSv3
CVE-2022-36890
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and previous versions does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controll...
Jenkins Deployer Framework
4.3
CVSSv3
CVE-2022-36904
Jenkins Repository Connector Plugin 2.2.0 and previous versions does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller fi...
Jenkins Repository Connector
4.3
CVSSv3
CVE-2022-36914
Jenkins Files Found Trigger Plugin 1.5 and previous versions does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file ...
Jenkins Files Found Trigger
NA
CVE-2007-0468
Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote malicious users to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.
Microsoft Visual Studio 6.0
6.7
CVSSv3
CVE-2020-9072
Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the malicious user to obtain a hig...
Huawei Osd Firmware
9.8
CVSSv3
CVE-2024-26261
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be delete...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »