Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2019-17321
ClipSoft REXPERT 1.0.0.527 and previous versions version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required.
Clipsoft Rexpert
383
VMScore
CVE-2020-25846
The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
Panorama Project Nhiservisignadapter 1.0.20.0218
NA
CVE-2022-33920
Dell GeoDrive, versions before 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
Dell Geodrive
215
VMScore
CVE-2012-1586
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
Debian Cifs-utils 2.6
1 EDB exploit
NA
CVE-2023-2196
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and previous versions allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.
Jenkins Code Dx
NA
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.
\\@nubosoftware\\/node-static Project \\@nubosoftware\\/node-static -
Node-static Project Node-static -
1 Github repository
801
VMScore
CVE-2014-9375
Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.
Lexmark Markvision Enterprise -
505
VMScore
CVE-2018-9205
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.
Drupal Avatar Uploader 7.x-1.0
1 EDB exploit
NA
CVE-2023-28758
An issue exists in Veritas NetBackup prior to 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.
Veritas Netbackup
445
VMScore
CVE-2021-45848
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.
Nicotine-plus Nicotine\\+
Fedoraproject Fedora 34
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »