Vulmon
file::path vulnerabilities and exploits
6.5
CVSSv3
CVE-2021-37469
In NCH WebDictate v2.13 and previous versions, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.
Nch Webdictate
7.5
CVSSv3
CVE-2018-20058
In Evernote prior to 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634.
Evernote Evernote
7.8
CVSSv3
CVE-2019-1268
An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'.
Microsoft Windows 10 1903
Microsoft Windows 8.1 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2008 -
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 -
Microsoft Windows 10 1607
Microsoft Windows 10 1703
Microsoft Windows 10 1709
Microsoft Windows 10 1803
Microsoft Windows Server 2019 -
Microsoft Windows 10 -
Microsoft Windows 10 1809
Microsoft Windows 7 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 1803
1 Github repository
1 Article
NA
CVE-2023-52544
Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
NA
CVE-2006-1340
CuteNews 1.4.1 and possibly other versions allows remote malicious users to obtain the installation path via unspecified vectors involving an invalid file path.
Cutephp Cutenews
Cutephp Cutenews 0.88
Cutephp Cutenews 1.3
Cutephp Cutenews 1.3.6
Cutephp Cutenews 1.4.0
Cutephp Cutenews 1.3.1
Cutephp Cutenews 1.3.2
9.8
CVSSv3
CVE-2015-0855
The _mediaLibraryPlayCb function in mainwindow.py in pitivi prior to 0.95 allows malicious users to execute arbitrary code via shell metacharacters in a file path.
Pitivi Pitivi
7.5
CVSSv3
CVE-2022-24241
ACEweb Online Portal 3.5.065 contains an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
Aceware Aceweb Online Portal
4.3
CVSSv3
CVE-2023-3315
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and previous versions allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Jenkins Team Concert
4.3
CVSSv3
CVE-2022-28147
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and previous versions allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Jenkins Continuous Integration With Toad Edge
9.8
CVSSv3
CVE-2017-1000197
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server.
Octobercms October