Vulmon
path traversal vulnerabilities and exploits
6.5
CVSSv3
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
4.9
CVSSv3
CVE-2023-30451
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][base...
Typo3 Typo3 11.5.24
8.8
CVSSv3
CVE-2023-22629
An issue exists in TitanFTP up to and including 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
Southrivertech Titan Ftp Server
NA
CVE-2020-128272
MJML versions 4.6.2 and below suffer from a path traversal vulnerability.
7.5
CVSSv3
CVE-2017-11456
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
Geneko Gwr352 3g Router Firmware -
Geneko Gwr352wv Wide Voltage 3g Router Firmware -
Geneko Gwr252 Edge Router Firmware -
Geneko Gwr202 Gprs Router Firmware -
1 EDB exploit
6.5
CVSSv3
CVE-2022-27248
A directory traversal vulnerability in IdeaRE RefTree prior to 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path fi...
Idearespa Reftree
7.5
CVSSv3
CVE-2022-45129
Payara prior to 2022-11-04, when deployed to the root context, allows malicious users to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community prior to 4.1.2.191.38, 5.x prior to 5.2022.4, and 6.x prior to 6.2022.1, and ...
Payara Payara
NA
CVE-2020-128272020
MJML versions 4.6.2 and below suffer from a path traversal vulnerability.
NA
CVE-2023-40279
An issue exists in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
NA
CVE-2014-2717
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and previous versions and FALCON XLWeb XLWebExe controller devices 2.02.11 and previous versions allow remote malicious users to bypass authentication and obtain administrative access by visiting the change-password page.
Honeywell Falcon Xlweb Linux Controller
Honeywell Falcon Xlweb Xlwebexe