Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33860
An issue exists in Logpoint prior to 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
NA
CVE-2022-44725
OPC Foundation Local Discovery Server (LDS) up to and including 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
Opcfoundation Local Discovery Server
605
VMScore
CVE-2007-2058
Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.
Picozip Picozip 4.02
NA
CVE-2024-3318
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded ...
445
VMScore
CVE-2001-1099
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote malicious users to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
Symantec Norton Antivirus 2.5
694
VMScore
CVE-2006-3534
Directory traversal vulnerability in Nullsoft SHOUTcast DSP prior to 1.9.6 filters directory traversal sequences before decoding, which allows remote malicious users to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing &...
Nullsoft Shoutcast Server 1.8.3
Nullsoft Shoutcast Server 1.9.2
Nullsoft Shoutcast Server 1.8.9
Nullsoft Shoutcast Server 1.9.4
Nullsoft Shoutcast Server 1.9.5
Nullsoft Shoutcast Server 1.7.1
Nullsoft Shoutcast Server 1.8.2
Nullsoft Shoutcast Server
1000
VMScore
CVE-2007-0448
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent malicious users to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
Php Php 5.2.0
1 EDB exploit
NA
CVE-2022-36913
Jenkins Openstack Heat Plugin 1.5 and previous versions does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Jenkins Openstack Heat
NA
CVE-2022-36918
Jenkins Buckminster Plugin 1.1.1 and previous versions does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
Jenkins Buckminster
NA
CVE-2023-24455
Jenkins visualexpert Plugin 1.3 and previous versions does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file syste...
Jenkins Visual Expert 1.0
Jenkins Visual Expert 1.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »