Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-2058
Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.
Picozip Picozip 4.02
NA
CVE-2022-44725
OPC Foundation Local Discovery Server (LDS) up to and including 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
Opcfoundation Local Discovery Server
NA
CVE-2024-33860
An issue exists in Logpoint prior to 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
NA
CVE-2022-36913
Jenkins Openstack Heat Plugin 1.5 and previous versions does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Jenkins Openstack Heat
NA
CVE-2022-36918
Jenkins Buckminster Plugin 1.1.1 and previous versions does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
Jenkins Buckminster
NA
CVE-2023-24455
Jenkins visualexpert Plugin 1.3 and previous versions does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file syste...
Jenkins Visual Expert 1.0
Jenkins Visual Expert 1.3
5
CVSSv2
CVE-2001-1099
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote malicious users to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
Symantec Norton Antivirus 2.5
7.8
CVSSv2
CVE-2006-3534
Directory traversal vulnerability in Nullsoft SHOUTcast DSP prior to 1.9.6 filters directory traversal sequences before decoding, which allows remote malicious users to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing &...
Nullsoft Shoutcast Server 1.8.3
Nullsoft Shoutcast Server 1.9.2
Nullsoft Shoutcast Server 1.8.9
Nullsoft Shoutcast Server 1.9.4
Nullsoft Shoutcast Server 1.9.5
Nullsoft Shoutcast Server 1.7.1
Nullsoft Shoutcast Server 1.8.2
Nullsoft Shoutcast Server
4
CVSSv2
CVE-2020-13349
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>...
Gitlab Gitlab
6.4
CVSSv2
CVE-2021-22028
In versions of Greenplum database before 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.
Greenplum Greenplum
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »