Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28072
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
356
VMScore
CVE-2021-36233
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated malicious user to read arbitrary files from the filesystem by specifying the file path.
Unit4 Mik.starlight 7.9.5.24363
NA
CVE-2021-20030
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.
Sonicwall Global Management System
445
VMScore
CVE-2020-25842
The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege.
Panorama Nhiservisignadapter 1.0.20.0218
440
VMScore
CVE-2007-4734
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote malicious users to execute arbitrary code via a long file path in an m3u file.
Ots Labs Otsturntables 1.00
2 EDB exploits
NA
CVE-2023-6750
The Clone WordPress plugin prior to 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path.
Backupbliss Clone
NA
CVE-2023-35145
Jenkins Sonargraph Integration Plugin 5.0.1 and previous versions does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Sonargraph Integration
516
VMScore
CVE-2021-21686
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
Jenkins Jenkins
NA
CVE-2023-5514
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.
Hitachienergy Esoms
312
VMScore
CVE-2020-2201
Jenkins Sonargraph Integration Plugin 3.0.0 and previous versions does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.
Jenkins Sonargraph Integration
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »