relative vulnerabilities and exploits
NA
CVE-2023-2270
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip ...
Netskope Netskope
NA
CVE-2023-38346
An issue exists in Wind River VxWorks 6.9 and 7. The function "tarExtract" implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the func...
Windriver Vxworks 6.9
Windriver Vxworks 7.0
NA
CVE-2024-25136
There is a function in AutomationDirect C-MORE EA9 HMI that allows a malicious user to send a relative path in the URL without proper sanitizing of the content.
356
VMScore
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to upload arbitrary files via the uploadphoto parameter.
Synology Photo Station
445
VMScore
CVE-2017-6681
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote malicious user to execute a relative path traversal attack, enabling a malicious user to read sensitive files on the system. More Information: CSCvc76662....
Cisco Ultra Services Framework 21.0.0
NA
CVE-2022-43672
Zoho ManageEngine Password Manager Pro prior to 12122, PAM360 prior to 5711, and Access Manager Plus prior to 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671).
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.7
NA
CVE-2022-29062
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR prior to 7.2.1 allow an authenticated malicious user to write to the underlying filesystem with nginx permissions via crafted HTTP requests.
Fortinet Fortisoar 7.2.0
Fortinet Fortisoar
NA
CVE-2024-24869
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal. This issue affects Total Upkeep: from n/a up to and including 1.15.8.
NA
CVE-2021-46898
views/switch.py in django-grappelli (aka Django Grappelli) prior to 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.
Vonautomatisch Django Grappelli
668
VMScore
CVE-2020-12006
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
Advantech Webaccess
Advantech Webaccess 9.0.0