Vulmon
path traversal vulnerabilities and exploits
4.9
CVSSv3
CVE-2022-2863
The Migration, Backup, Staging WordPress plugin prior to 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Wpvivid Migration, Backup, Staging
NA
CVE-2015-0984
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers prior to...
Honeywell Excel Web Xl 1000c50 52 I/o
Honeywell Excel Web Xl 1000c1000 600 I/o Uukl
Honeywell Excel Web Xl 1000c500 300 I/o
Honeywell Excel Web Xl 1000c1000 600 I/o
Honeywell Excel Web Xl 1000c50u 52 I/o Uukl
Honeywell Excel Web Xl 1000c100u 104 I/o Uukl
Honeywell Excel Web Xl 1000c100 104 I/o
Honeywell Excel Web Xl 1000c500 300 I/o Uukl
NA
CVE-2019-6268
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.
NA
CVE-2013-7174
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS prior to 4.1.0 allows remote malicious users to read arbitrary files via a full pathname in the f parameter.
Qnap Qts
Qnap Qts 4.0
NA
CVE-2015-7683
Absolute path traversal vulnerability in Font.php in the Font plugin prior to 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
Font Project Font
NA
CVE-2014-2717
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and previous versions and FALCON XLWeb XLWebExe controller devices 2.02.11 and previous versions allow remote malicious users to bypass authentication and obtain administrative access by visiting the change-password page.
Honeywell Falcon Xlweb Linux Controller
Honeywell Falcon Xlweb Xlwebexe
7.5
CVSSv3
CVE-2019-14322
In Pallets Werkzeug prior to 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
Palletsprojects Werkzeug
3 Github repositories
7.5
CVSSv3
CVE-2018-0296
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote malicious user to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software ...
Cisco Adaptive Security Appliance Software 8.1(2.5)
Cisco Adaptive Security Appliance Software
Cisco Firepower Threat Defense 6.2.3
Cisco Firepower Threat Defense
Cisco Firepower Threat Defense 6.2.3.1
Cisco Firepower Threat Defense 6.2.3-851
Cisco Firepower Threat Defense 6.2.3-85.02
2 EDB exploits
12 Github repositories
1 Article
NA
CVE-2013-7097
Directory traversal vulnerability in 7 Media Web Solutions eduTrac prior to 1.1.2 allows remote malicious users to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
7mediaws Edutrac 1.0.3
7mediaws Edutrac 1.0.2
7mediaws Edutrac
7mediaws Edutrac 1.0.9
7mediaws Edutrac 1.0.8
7mediaws Edutrac 1.0.6
7mediaws Edutrac 1.0.4
7mediaws Edutrac 1.0.1
7mediaws Edutrac 1.0.0
7mediaws Edutrac 1.0.7
7mediaws Edutrac 1.0.5
1 EDB exploit
7.8
CVSSv3
CVE-2016-4313
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote malicious users to execute arbitrary files via a .. (dot dot) in an archive file.
Extplorer Extplorer 2.1.9
1 EDB exploit