path traversal vulnerabilities and exploits

(subscribe to this query)

610

VMScore

Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot...

Elastic Path Elastic Path 4.1 Elastic Path Elastic Path 4.1.12 EDB exploits available

445

VMScore

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path....

Resolve-path Project Resolve-path

384

VMScore

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'....

Plexus-archiver Project Plexus-archiver Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux 7.5 Debian Debian Linux 8.0 Debian Debian Linux 9.02 Github repositories available

NA

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw...

Redhat Keycloak

NA

Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal....

Gilacms Gila Cms 1.11.8

NA

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files....

Zte Zxmw Nr8000 Firmware 2.4.4.04 Zte Zxmw Nr8000 Firmware 2.4.4.03

NA

A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests....

Fortinet Fortiweb

NA

A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request...

Fortinet Fortiproxy 7.0.0 Fortinet Fortios 7.0.0 Fortinet Fortios 7.0.1

NA

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none....

187

VMScore

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files....

Redhat Jboss Wildfly Application Server 9.0.0 Redhat Jboss Wildfly Application Server 10.0.0 Redhat Jboss Wildfly Application Server 9.0.2 Redhat Jboss Wildfly Application Server 10.1.0 Redhat Jboss Wildfly Application Server 11.0.0 Redhat Jboss Wildfly Application Server 9.0.1 Redhat Jboss Enterprise Application Platform 7.1.0

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook