file::path vulnerabilities and exploits
NA
CVE-2012-1586
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Debian Cifs-utils 2.6
1 EDB exploit
7.5
CVSSv3
CVE-2021-32527
Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated malicious users to download arbitrary files through injecting a file path in the download function. Suggest contacting QSAN and referring to the recommendations in the QSAN Document.
Qsan Storage Manager
1 Github repository
7.4
CVSSv3
CVE-2020-25846
The digest generation function of NHIServiSignAdapter does not verify the source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of the user's credential.
Panorama Project Nhiservisignadapter 1.0.20.0218
5.3
CVSSv3
CVE-2019-17321
ClipSoft REXPERT 1.0.0.527 and previous versions have an information disclosure issue. Requesting a web page associated with a session could leak the username via the session file path in the HTTP response data. No authentication is required.
Clipsoft Rexpert
7.5
CVSSv3
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.
@nubosoftware/node-static Project @nubosoftware/node-static -
Node-static Project Node-static -
1 Github repository
4.3
CVSSv3
CVE-2023-2196
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and previous versions allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.
Jenkins Code Dx
NA
CVE-2014-9375
Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.
Lexmark Markvision Enterprise -
7.5
CVSSv3
CVE-2018-9205
Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
Drupal Avatar Uploader 7.x-1.0
1 EDB exploit
6.5
CVSSv3
CVE-2020-23161
Local file inclusion in Pyrescom Termod4 time management devices prior to 10.04k allows authenticated remote malicious users to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
Pyres Termod4 Firmware
1 Github repository
NA
CVE-2006-5617
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote malicious users to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.
Thepeak Thepeak File Upload Manager 1.3