Vulmon
path traversal vulnerabilities and exploits
676
VMScore
CVE-2014-2717
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and previous versions and FALCON XLWeb XLWebExe controller devices 2.02.11 and previous versions allow remote malicious users to bypass authentication and obtain administrative access by visiting the change-password page.
Honeywell Falcon Xlweb Linux Controller
Honeywell Falcon Xlweb Xlwebexe
890
VMScore
CVE-2015-0984
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers prior to...
Honeywell Excel Web Xl 1000c1000 600 I/o
Honeywell Excel Web Xl 1000c50u 52 I/o Uukl
Honeywell Excel Web Xl 1000c500 300 I/o Uukl
Honeywell Excel Web Xl 1000c1000 600 I/o Uukl
Honeywell Excel Web Xl 1000c100 104 I/o
Honeywell Excel Web Xl 1000c500 300 I/o
Honeywell Excel Web Xl 1000c100u 104 I/o Uukl
Honeywell Excel Web Xl 1000c50 52 I/o
NA
CVE-2022-2863
The Migration, Backup, Staging WordPress plugin prior to 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack.
Wpvivid Migration, Backup, Staging
356
VMScore
CVE-2015-7683
Absolute path traversal vulnerability in Font.php in the Font plugin prior to 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
Font Project Font
694
VMScore
CVE-2013-7174
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS prior to 4.1.0 allows remote malicious users to read arbitrary files via a full pathname in the f parameter.
Qnap Qts
Qnap Qts 4.0
446
VMScore
CVE-2019-14322
In Pallets Werkzeug prior to 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
Palletsprojects Werkzeug
3 Github repositories
NA
CVE-2023-40279
An issue exists in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
NA
CVE-2019-6268
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.
685
VMScore
CVE-2016-4313
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote malicious users to execute arbitrary files via a .. (dot dot) in an archive file.
Extplorer Extplorer 2.1.9
1 EDB exploit
605
VMScore
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.3
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
1 EDB exploit