Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33860
An issue exists in Logpoint prior to 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
NA
CVE-2024-3318
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded ...
NA
CVE-2022-44725
OPC Foundation Local Discovery Server (LDS) up to and including 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
Opcfoundation Local Discovery Server
605
VMScore
CVE-2007-2058
Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.
Picozip Picozip 4.02
570
VMScore
CVE-2021-22028
In versions of Greenplum database before 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.
Greenplum Greenplum
NA
CVE-2023-24455
Jenkins visualexpert Plugin 1.3 and previous versions does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file syste...
Jenkins Visual Expert 1.0
Jenkins Visual Expert 1.3
356
VMScore
CVE-2020-13349
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>...
Gitlab Gitlab
694
VMScore
CVE-2006-3534
Directory traversal vulnerability in Nullsoft SHOUTcast DSP prior to 1.9.6 filters directory traversal sequences before decoding, which allows remote malicious users to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing &...
Nullsoft Shoutcast Server
Nullsoft Shoutcast Server 1.9.2
Nullsoft Shoutcast Server 1.8.9
Nullsoft Shoutcast Server 1.9.4
Nullsoft Shoutcast Server 1.9.5
Nullsoft Shoutcast Server 1.8.3
Nullsoft Shoutcast Server 1.7.1
Nullsoft Shoutcast Server 1.8.2
445
VMScore
CVE-2001-1099
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote malicious users to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
Symantec Norton Antivirus 2.5
NA
CVE-2022-36913
Jenkins Openstack Heat Plugin 1.5 and previous versions does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Jenkins Openstack Heat
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »