Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
path traversal vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2008-1606
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote malicious users to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot ba...
Elastic Path Elastic Path 4.1.1
Elastic Path Elastic Path 4.1
2 EDB exploits
5
CVSSv2
CVE-2018-3732
resolve-path node module prior to 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.
Resolve-path Project Resolve-path
6
CVSSv2
CVE-2019-14530
An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/open...
Open-emr Openemr
3 Github repositories
4.4
CVSSv2
CVE-2019-10038
Evernote 7.9 on macOS allows malicious users to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.
Evernote Evernote 7.9
1 EDB exploit
NA
CVE-2023-34096
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an malicious user to upload a file to any folde...
Thruk Thruk
1 Github repository
5
CVSSv2
CVE-2019-12276
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated malicious users to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch ...
Grandnode Grandnode 4.40
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2020-11455
LimeSurvey prior to 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
Limesurvey Limesurvey 4.1.12
Limesurvey Limesurvey
1 Metasploit module
NA
CVE-2022-35919
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any...
Minio Minio
3 Github repositories
NA
CVE-2023-22629
An issue exists in TitanFTP up to and including 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
Southrivertech Titan Ftp Server
4
CVSSv2
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »