Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
path traversal vulnerabilities and exploits
(subscribe to this query)
610
VMScore
CVE-2008-1606
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote malicious users to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot ba...
Elastic Path Elastic Path 4.1.1
Elastic Path Elastic Path 4.1
2 EDB exploits
445
VMScore
CVE-2018-3732
resolve-path node module prior to 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.
Resolve-path Project Resolve-path
535
VMScore
CVE-2019-14530
An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/open...
Open-emr Openemr
3 Github repositories
NA
CVE-2023-34096
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an malicious user to upload a file to any folde...
Thruk Thruk
1 Github repository
505
VMScore
CVE-2019-12276
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated malicious users to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch ...
Grandnode Grandnode 4.40
1 EDB exploit
1 Github repository
445
VMScore
CVE-2019-10038
Evernote 7.9 on macOS allows malicious users to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.
Evernote Evernote 7.9
1 EDB exploit
790
VMScore
CVE-2020-11455
LimeSurvey prior to 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
Limesurvey Limesurvey 4.1.12
Limesurvey Limesurvey
1 Metasploit module
NA
CVE-2022-35919
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any...
Minio Minio
3 Github repositories
358
VMScore
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
505
VMScore
CVE-2017-11456
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
Geneko Gwr352 3g Router Firmware -
Geneko Gwr352wv Wide Voltage 3g Router Firmware -
Geneko Gwr252 Edge Router Firmware -
Geneko Gwr202 Gprs Router Firmware -
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »