Vulmon
file::path vulnerabilities and exploits
7.4
CVSSv3
CVE-2020-25845
Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
Panorama Project Nhiservisignadapter 1.0.20.0218
9.8
CVSSv3
CVE-2023-1478
The Hummingbird WordPress plugin prior to 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.
Incsub Hummingbird
7.5
CVSSv3
CVE-2023-0331
The Correos Oficial WordPress plugin up to and including 1.2.0.2 does not have an authorization check or user input validation when generating a file path, allowing unauthenticated malicious users to download arbitrary files from the server.
Correos Correos Oficial
7.5
CVSSv3
CVE-2020-11594
An issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown, providing the full file path.
Cipplanner Cipace
7.5
CVSSv3
CVE-2018-16270
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
Samsung Galaxy Gear Firmware
Samsung Gear 2 Firmware
Samsung Gear Live Firmware
Samsung Gear S Firmware
Samsung Gear S2 Firmware
Samsung Gear S3 Firmware
Samsung Gear Sport Firmware
Samsung Gear Fit Firmware
Samsung Gear Fit 2 Firmware
Samsung Gear Fit 2 Pro Firmware
8.8
CVSSv3
CVE-2017-5261
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
Cambiumnetworks Cnpilot R190v Firmware
Cambiumnetworks Cnpilot E410 Firmware
Cambiumnetworks Cnpilot R190n Firmware
Cambiumnetworks Cnpilot E400 Firmware
Cambiumnetworks Cnpilot E600 Firmware
NA
CVE-2024-31011
Arbitrary file write vulnerability in beescms v.4.0 allows a remote malicious user to execute arbitrary code via a file path that was not isolated and whose suffix was not verified in admin_template.php.
7.8
CVSSv3
CVE-2021-26603
A heap overflow issue was found in the ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to a missing string length check.
Bandisoft Ark Library
7.8
CVSSv3
CVE-2022-33920
Dell GeoDrive, versions before 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
Dell Geodrive
5.3
CVSSv3
CVE-2019-17321
ClipSoft REXPERT 1.0.0.527 and previous versions have an information disclosure issue. Requesting a web page associated with a session could leak the username via the session file path in the HTTP response data. No authentication is required.
Clipsoft Rexpert