Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
path traversal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40279
An issue exists in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
NA
CVE-2013-7174
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS prior to 4.1.0 allows remote malicious users to read arbitrary files via a full pathname in the f parameter.
Qnap Qts
Qnap Qts 4.0
4.9
CVSSv3
CVE-2022-2863
The Migration, Backup, Staging WordPress plugin prior to 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Wpvivid Migration\\, Backup\\, Staging
NA
CVE-2015-0984
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers prior to...
Honeywell Excel Web Xl 1000c50 52 I\\/o
Honeywell Excel Web Xl 1000c1000 600 I\\/o Uukl
Honeywell Excel Web Xl 1000c500 300 I\\/o
Honeywell Excel Web Xl 1000c1000 600 I\\/o
Honeywell Excel Web Xl 1000c50u 52 I\\/o Uukl
Honeywell Excel Web Xl 1000c100u 104 I\\/o Uukl
Honeywell Excel Web Xl 1000c100 104 I\\/o
Honeywell Excel Web Xl 1000c500 300 I\\/o Uukl
NA
CVE-2019-6268
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.
NA
CVE-2014-2717
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and previous versions and FALCON XLWeb XLWebExe controller devices 2.02.11 and previous versions allow remote malicious users to bypass authentication and obtain administrative access by visiting the change-password page.
Honeywell Falcon Xlweb Linux Controller
Honeywell Falcon Xlweb Xlwebexe
7.5
CVSSv3
CVE-2019-14322
In Pallets Werkzeug prior to 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
Palletsprojects Werkzeug
3 Github repositories
NA
CVE-2013-7097
Directory traversal vulnerability in 7 Media Web Solutions eduTrac prior to 1.1.2 allows remote malicious users to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
7mediaws Edutrac 1.0.3
7mediaws Edutrac 1.0.2
7mediaws Edutrac
7mediaws Edutrac 1.0.9
7mediaws Edutrac 1.0.8
7mediaws Edutrac 1.0.6
7mediaws Edutrac 1.0.4
7mediaws Edutrac 1.0.1
7mediaws Edutrac 1.0.0
7mediaws Edutrac 1.0.7
7mediaws Edutrac 1.0.5
1 EDB exploit
7.5
CVSSv3
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.3
1 EDB exploit
7.8
CVSSv3
CVE-2016-4313
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote malicious users to execute arbitrary files via a .. (dot dot) in an archive file.
Extplorer Extplorer 2.1.9
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »