Vulmon
file::path vulnerabilities and exploits
445
VMScore
CVE-2021-45848
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.
Nicotine-plus Nicotine+
Fedoraproject Fedora 34
356
VMScore
CVE-2020-23161
Local file inclusion in Pyrescom Termod4 time management devices prior to 10.04k allows authenticated remote malicious users to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
Pyres Termod4 Firmware
1 Github repository
890
VMScore
CVE-2019-11526
An issue exists in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the malicious user to write files with superuser privileges in specific locations.
Softing Uagate Si Firmware 1.60.01
187
VMScore
CVE-2022-28784
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows malicious users to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
Google Android 10.0
Google Android 11.0
Google Android 12.0
NA
CVE-2023-5672
The WP Mail Log WordPress plugin prior to 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing a malicious user to leak the contents of arbitrary files.
Wpvibes Wp Mail Log
837
VMScore
CVE-2015-4068
Directory traversal vulnerability in Arcserve UDP prior to 5.0 Update 4 allows remote malicious users to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
Arcserve Arcserve Unified Data Protection
641
VMScore
CVE-2015-8620
Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus prior to 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request.
Avast Avast Free Antivirus
Avast Avast Internet Security
Avast Avast Premier
Avast Avast Pro Antivirus
356
VMScore
CVE-2021-32511
QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated malicious users to list arbitrary directories via the file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...
Qsan Storage Manager
515
VMScore
CVE-2006-3532
PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter.
Pivot Pivot 1.30 Rc2
1 EDB exploit
356
VMScore
CVE-2021-32510
QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated malicious users to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manag...
Qsan Storage Manager