Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-1000197
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.
Octobercms October
356
VMScore
CVE-2021-36233
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated malicious user to read arbitrary files from the filesystem by specifying the file path.
Unit4 Mik.starlight 7.9.5.24363
440
VMScore
CVE-2007-4734
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote malicious users to execute arbitrary code via a long file path in an m3u file.
Ots Labs Otsturntables 1.00
2 EDB exploits
445
VMScore
CVE-2020-25842
The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege.
Panorama Nhiservisignadapter 1.0.20.0218
NA
CVE-2021-20030
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.
Sonicwall Global Management System
NA
CVE-2023-35145
Jenkins Sonargraph Integration Plugin 5.0.1 and previous versions does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Sonargraph Integration
516
VMScore
CVE-2021-21686
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
Jenkins Jenkins
NA
CVE-2023-6750
The Clone WordPress plugin prior to 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path.
Backupbliss Clone
NA
CVE-2023-5514
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.
Hitachienergy Esoms
668
VMScore
CVE-2021-37404
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Apache Hadoop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »