Vulmon
file::path vulnerabilities and exploits
445
VMScore
CVE-2021-32527
Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated malicious users to download arbitrary files by injecting a file path in the download function. Suggest contacting QSAN and referring to the recommendations in the QSAN Document.
Qsan Storage Manager
1 Github repository
215
VMScore
CVE-2012-1586
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Debian Cifs-utils 2.6
1 EDB exploit
NA
CVE-2022-33920
Dell GeoDrive, versions before 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
Dell Geodrive
445
VMScore
CVE-2019-17321
ClipSoft REXPERT 1.0.0.527 and previous versions have an information disclosure issue. Requesting a web page associated with a session could leak the username via the session file path in the HTTP response data. No authentication is required.
Clipsoft Rexpert
NA
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.
@nubosoftware/node-static Project @nubosoftware/node-static -
Node-static Project Node-static -
1 Github repository
801
VMScore
CVE-2014-9375
Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.
Lexmark Markvision Enterprise -
NA
CVE-2023-2196
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and previous versions allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.
Jenkins Code Dx
NA
CVE-2023-28758
An issue exists in Veritas NetBackup prior to 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.
Veritas Netbackup
356
VMScore
CVE-2020-23161
Local file inclusion in Pyrescom Termod4 time management devices prior to 10.04k allows authenticated remote malicious users to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
Pyres Termod4 Firmware
1 Github repository
668
VMScore
CVE-2006-5617
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote malicious users to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.
Thepeak Thepeak File Upload Manager 1.3