Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
path traversal vulnerabilities and exploits
(subscribe to this query)
610
VMScore
CVE-2008-1606
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote malicious users to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot ba...
Elastic Path Elastic Path 4.1.1
Elastic Path Elastic Path 4.1
2 EDB exploits
445
VMScore
CVE-2018-3732
resolve-path node module prior to 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.
Resolve-path Project Resolve-path
535
VMScore
CVE-2019-14530
An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/open...
Open-emr Openemr
3 Github repositories
NA
CVE-2023-34096
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an malicious user to upload a file to any folde...
Thruk Thruk
1 Github repository
445
VMScore
CVE-2019-10038
Evernote 7.9 on macOS allows malicious users to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.
Evernote Evernote 7.9
1 EDB exploit
505
VMScore
CVE-2019-12276
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated malicious users to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch ...
Grandnode Grandnode 4.40
1 EDB exploit
1 Github repository
790
VMScore
CVE-2020-11455
LimeSurvey prior to 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
Limesurvey Limesurvey 4.1.12
Limesurvey Limesurvey
1 Metasploit module
490
VMScore
CVE-2021-26601
ImpressCMS prior to 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.
Impresscms Impresscms
356
VMScore
CVE-2018-18809
The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperRepo...
Tibco Jasperreports Server 6.4.0
Tibco Jasperreports Library 6.4.1
Tibco Jasperreports Server 6.4.2
Tibco Jasperreports Library 6.4.2
Tibco Jasperreports Server
Tibco Jasperreports Server 6.4.1
Tibco Jasperreports Server 6.4.3
Tibco Jasperreports Server 7.1.0
Tibco Jasperreports Server 6.3.4
Tibco Jasperreports Library
Tibco Jasperreports Library 6.3.4
Tibco Jasperreports Library 6.4.21
Tibco Jasperreports Library 7.1.0
Tibco Jasperreports Library 7.2.0
Tibco Jaspersoft Reporting And Analytics
Tibco Jaspersoft
NA
CVE-2023-22629
An issue exists in TitanFTP up to and including 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
Southrivertech Titan Ftp Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »