Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
NA
CVE-2022-36302
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an malicious user to modify the file path to access different resources, which may contain sensitive information.
Bosch Bf-os
890
VMScore
CVE-2021-44041
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an malicious user to execute code on a victim's machine or capture NTLM credentials by supp...
Uipath Assistant 21.4.4
NA
CVE-2022-39802
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an malicious user to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content with...
Sap Manufacturing Execution 15.2
Sap Manufacturing Execution 15.3
Sap Manufacturing Execution 15.1
1 Github repository
445
VMScore
CVE-2021-3382
Stack buffer overflow vulnerability in gitea 1.9.0 up to and including 1.13.1 allows remote malicious users to cause a denial of service (crash) via vectors related to a file path.
Gitea Gitea
356
VMScore
CVE-2021-37439
NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.
Nch Flexiserver
676
VMScore
CVE-2006-5658
BlooMooWeb ActiveX control (AidemATL.dll) allows remote malicious users to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and...
Studio Achtundachtzig Bloomooweb Activex Control 1.0.9
445
VMScore
CVE-2021-22013
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Vmware Cloud Foundation
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
NA
CVE-2022-46306
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load mal...
Changingtec Servisign -
312
VMScore
CVE-2022-28159
Jenkins Tests Selector Plugin 1.3.3 and previous versions does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Tests Selector
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »