file::path vulnerabilities and exploits
4
CVSSv2
CVE-2021-36233
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated malicious user to read arbitrary files from the filesystem by specifying the file path.
Unit4 Mik.starlight 7.9.5.24363
5
CVSSv2
CVE-2020-25842
The encryption function of NHIServiSignAdapter fails to verify the file path input by users. A remote attacker can access arbitrary files through the flaw without privilege.
Panorama Nhiservisignadapter 1.0.20.0218
NA
CVE-2021-20030
SonicWall GMS is vulnerable to file path manipulation, which allows an unauthenticated attacker to gain access to a web directory containing the application's binaries and configuration files.
Sonicwall Global Management System
4.3
CVSSv2
CVE-2007-4734
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote malicious users to execute arbitrary code via a long file path in an m3u file.
Ots Labs Otsturntables 1.00
2 EDB exploits
5.8
CVSSv2
CVE-2021-21686
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
Jenkins Jenkins
NA
CVE-2023-35145
Jenkins Sonargraph Integration Plugin 5.0.1 and previous versions does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Sonargraph Integration
NA
CVE-2023-6750
The Clone WordPress plugin prior to 2.4.3 uses buffer files to store in-progress backup information, which are stored at a publicly accessible, statically defined file path.
Backupbliss Clone
NA
CVE-2023-5514
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.
Hitachienergy Esoms
5
CVSSv2
CVE-2020-14366
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw.
Redhat Keycloak
7.5
CVSSv2
CVE-2021-37404
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Apache Hadoop