Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2007-4735
Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote malicious users to execute arbitrary code via a long file path in an m3u file.
Next Generation Software Virtual Dj \\(vdj\\) 5.0
1 EDB exploit
3.5
CVSSv2
CVE-2020-2201
Jenkins Sonargraph Integration Plugin 3.0.0 and previous versions does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.
Jenkins Sonargraph Integration
9.3
CVSSv2
CVE-2010-0029
Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote malicious users to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
Microsoft Powerpoint 2002
5
CVSSv2
CVE-2020-14366
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Redhat Keycloak
7.5
CVSSv2
CVE-2021-37404
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Apache Hadoop
NA
CVE-2024-28222
In Veritas NetBackup prior to 8.1.2 and NetBackup Appliance prior to 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated malicious user to upload and execute a custom file.
1 Github repository
4.3
CVSSv2
CVE-2015-1041
Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote malicious users to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING.
E107 E107 1.0.4
NA
CVE-2023-32684
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templa...
Linuxfoundation Lima
7.5
CVSSv2
CVE-2020-8132
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an malicious user to run arbitrary code if PDF file path is constructed based on untrusted user input.
Pdf-image Project Pdf-image
4.3
CVSSv2
CVE-2020-25845
Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
Panorama Project Nhiservisignadapter 1.0.20.0218
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »