Vulmon
file::path vulnerabilities and exploits
7.5
CVSSv2
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
NA
CVE-2022-36302
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows a malicious user to modify the file path to access different resources, which may contain sensitive information.
Bosch Bf-os
10
CVSSv2
CVE-2021-44041
UiPath Assistant 21.4.4 will load and execute attacker-controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows a malicious user to execute code on a victim's machine or capture NTLM credentials by supp...
Uipath Assistant 21.4.4
5
CVSSv2
CVE-2021-3382
Stack buffer overflow vulnerability in gitea 1.9.0 up to and including 1.13.1 allows remote malicious users to cause a denial of service (crash) via vectors related to a file path.
Gitea Gitea
NA
CVE-2022-39802
SAP Manufacturing Execution, versions 15.1, 15.2, 15.3, allows a malicious user to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content with...
Sap Manufacturing Execution 15.2
Sap Manufacturing Execution 15.3
Sap Manufacturing Execution 15.1
1 Github repository
4
CVSSv2
CVE-2021-37439
NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.
Nch Flexiserver
7.6
CVSSv2
CVE-2006-5658
BlooMooWeb ActiveX control (AidemATL.dll) allows remote malicious users to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and...
Studio Achtundachtzig Bloomooweb Activex Control 1.0.9
5
CVSSv2
CVE-2021-22013
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Vmware Cloud Foundation
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
NA
CVE-2022-46306
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load mal...
Changingtec Servisign -
3.5
CVSSv2
CVE-2022-28159
Jenkins Tests Selector Plugin 1.3.3 and previous versions do not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Tests Selector