Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
path traversal vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-22629
An issue exists in TitanFTP up to and including 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
Southrivertech Titan Ftp Server
NA
CVE-2020-128272
MJML versions 4.6.2 and below suffer from a path traversal vulnerability.
NA
CVE-2020-128272020
MJML versions 4.6.2 and below suffer from a path traversal vulnerability.
7.5
CVSSv3
CVE-2022-45129
Payara prior to 2022-11-04, when deployed to the root context, allows malicious users to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community prior to 4.1.2.191.38, 5.x prior to 5.2022.4, and 6.x prior to 6.2022.1, and ...
Payara Payara
4.9
CVSSv3
CVE-2023-30451
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][base...
Typo3 Typo3 11.5.24
8.1
CVSSv3
CVE-2021-26601
ImpressCMS prior to 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.
Impresscms Impresscms
6.5
CVSSv3
CVE-2022-27248
A directory traversal vulnerability in IdeaRE RefTree prior to 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path fi...
Idearespa Reftree
6.5
CVSSv3
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
4.9
CVSSv3
CVE-2022-23409
The Logs plugin prior to 3.0.4 for Craft CMS allows remote malicious users to read arbitrary files via input to actionStream in Controller.php.
Ethercreative Logs
NA
CVE-2023-40279
An issue exists in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »