path traversal vulnerabilities and exploits
610
VMScore
CVE-2008-1606
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot...
Elastic Path Elastic Path 4.1
Elastic Path Elastic Path 4.1.1
2 EDB exploits available
445
VMScore
CVE-2018-3732
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path....
Resolve-path Project Resolve-path
384
VMScore
CVE-2018-1002200
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'....
Plexus-archiver Project Plexus-archiver
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 7.5
Debian Debian Linux 8.0
Debian Debian Linux 9.0
2 Github repositories available
NA
CVE-2020-14366
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw...
Redhat Keycloak
NA
CVE-2020-5512
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal....
Gilacms Gila Cms 1.11.8
NA
CVE-2019-3415
ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal, users can download any files....
Zte Zxmw Nr8000 Firmware 2.4.4.04
Zte Zxmw Nr8000 Firmware 2.4.4.03
NA
CVE-2021-41026
A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests....
Fortinet Fortiweb
NA
CVE-2021-41024
A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request...
Fortinet Fortiproxy 7.0.0
Fortinet Fortios 7.0.0
Fortinet Fortios 7.0.1
NA
CVE-2021-20095
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none....
187
VMScore
CVE-2018-1047
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files....
Redhat Jboss Wildfly Application Server 9.0.0
Redhat Jboss Wildfly Application Server 10.0.0
Redhat Jboss Wildfly Application Server 9.0.2
Redhat Jboss Wildfly Application Server 10.1.0
Redhat Jboss Wildfly Application Server 11.0.0
Redhat Jboss Wildfly Application Server 9.0.1
Redhat Jboss Enterprise Application Platform 7.1.0