Path Traversal

LD-Passwd Found in Requested URL - Possible LFI Attack

April 2, 2026

SOC SIEM EDR Log Analysis Web Attack LFI Path Traversal No Escalation True Positive AbuseIPDB VirusTotal

An external Tencent Cloud IP sent a single LFI request targeting /etc/passwd via path traversal. The server returned HTTP 500 with an empty response body, confirming the attack did not succeed.

LD-Arbitrary File Read on Checkpoint Security Gateway (CVE-2024-24919)

March 31, 2026

SOC SIEM EDR Log Analysis Web Attack CVE-2024-24919 Escalation to L2 True Positive Path Traversal LFI AbuseIPDB VirusTotal

An attacker exploited CVE-2024-24919 against a Check Point Security Gateway, successfully reading /etc/passwd via a path traversal payload. A second request targeting /etc/shadow from a related IP was blocked. The attack succeeded and the endpoint was escalated to Tier 2.

HTB-Conversor

January 19, 2026

Web Linux CVE-2024-48990 File-Upload Path Traversal Needrestart Sqlite Nmap

Flask web application vulnerable to path traversal during file uploads. Exploited by uploading Python reverse shell to cron-executed directory → gained www-data shell → extracted MD5 hashes from SQLite database → cracked password for user fismathack → leveraged CVE-2024-48990 in needrestart 3.7 for privilege escalation to root.

↑