Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
path traversal vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2022-23409
The Logs plugin prior to 3.0.4 for Craft CMS allows remote malicious users to read arbitrary files via input to actionStream in Controller.php.
Ethercreative Logs
NA
CVE-2015-7683
Absolute path traversal vulnerability in Font.php in the Font plugin prior to 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
Font Project Font
NA
CVE-2014-2717
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and previous versions and FALCON XLWeb XLWebExe controller devices 2.02.11 and previous versions allow remote malicious users to bypass authentication and obtain administrative access by visiting the change-password page.
Honeywell Falcon Xlweb Linux Controller
Honeywell Falcon Xlweb Xlwebexe
NA
CVE-2019-6268
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.
NA
CVE-2013-7174
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS prior to 4.1.0 allows remote malicious users to read arbitrary files via a full pathname in the f parameter.
Qnap Qts
Qnap Qts 4.0
7.8
CVSSv3
CVE-2016-4313
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote malicious users to execute arbitrary files via a .. (dot dot) in an archive file.
Extplorer Extplorer 2.1.9
1 EDB exploit
NA
CVE-2013-7097
Directory traversal vulnerability in 7 Media Web Solutions eduTrac prior to 1.1.2 allows remote malicious users to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
7mediaws Edutrac 1.0.3
7mediaws Edutrac 1.0.2
7mediaws Edutrac
7mediaws Edutrac 1.0.9
7mediaws Edutrac 1.0.8
7mediaws Edutrac 1.0.6
7mediaws Edutrac 1.0.4
7mediaws Edutrac 1.0.1
7mediaws Edutrac 1.0.0
7mediaws Edutrac 1.0.7
7mediaws Edutrac 1.0.5
1 EDB exploit
7.5
CVSSv3
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.3
1 EDB exploit
7.5
CVSSv3
CVE-2018-0296
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote malicious user to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software ...
Cisco Adaptive Security Appliance Software 8.1\\(2.5\\)
Cisco Adaptive Security Appliance Software
Cisco Firepower Threat Defense 6.2.3
Cisco Firepower Threat Defense
Cisco Firepower Threat Defense 6.2.3.1
Cisco Firepower Threat Defense 6.2.3-851
Cisco Firepower Threat Defense 6.2.3-85.02
2 EDB exploits
11 Github repositories
1 Article
6.5
CVSSv3
CVE-2019-3474
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Microfocus Filr 3.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2108
CVE-2024-31061
CVE-2024-25959
CVE-2023-45866
injection
IDOR
memory leak
CVE-2024-1086
CVE-2023-42931
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »