CVE ID | Description | CVSS | Vendor | Exploit | Patch |
---|---|---|---|---|---|
CVE-2005-1925 | Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. | 7.5 | Tiki | - | Patched |
CVE-2005-1918 | The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | 2.6 | Redhat, et al | - | Patched |
CVE-2005-1813 | Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences. | 7.8 | | Exploit | - |
CVE-2005-10002 | A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804. | 9.8 | Wp-plugins | - | Patched |
CVE-2005-0372 | Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. | 5 | Gnome | - | Patched |
CVE-2005-0253 | Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter. | 5 | Guillaumegardey | Exploit | Patched |
CVE-2004-2750 | Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 5 | | Exploit | Patched |
CVE-2004-2749 | Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error. | 4.3 | 2wire | Exploit | - |
CVE-2004-2747 | Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not. | 4 | | - | Patched |
CVE-2004-2745 | Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | 7.8 | | Exploit | - |
CVE-2004-2717 | Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters. | 2.6 | | Exploit | Patched |
CVE-2004-2686 | Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. | 7.2 | Sun | Exploit | Patched |
CVE-2004-1991 | Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. | 5 | Aldostools | Exploit | Patched |
CVE-2004-1927 | Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter. | 5 | Tiki | Exploit | Patched |
CVE-2004-1444 | Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | 5 | Roundup-tracker | Exploit | Patched |
CVE-2004-1364 | Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. | 8.5 | Oracle | - | Patched |
CVE-2004-1354 | The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack. | 5 | Sun | - | Patched |
CVE-2004-0847 | The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | 9.8 | Microsoft | Exploit | Patched |
CVE-2004-0273 | Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | 9.3 | Realnetworks | - | Patched |
CVE-2004-0175 | Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. | 4.3 | Openbsd | - | Patched |
CVE-2003-1545 | Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. | 5 | Phpnuke | - | - |
CVE-2003-1542 | Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter. | 5 | | - | Patched |
CVE-2003-1537 | Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. | 5 | | Exploit | - |
CVE-2003-1529 | Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. | 5 | | - | Patched |
CVE-2003-1501 | Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter. | 6.4 | | Exploit | - |
CVE-2003-1499 | Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter. | 5 | | Exploit | Patched |
CVE-2003-1465 | Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. | 5 | Phorum | Exploit | Patched |
CVE-2003-1430 | Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. | 5 | | - | - |
CVE-2003-1427 | Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. | 6.4 | Netgear | Exploit | - |
CVE-2003-1414 | Directory traversal vulnerability in parse_xml.cgi in Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter. | 4.3 | Apple | Exploit | - |
CVE-2003-1413 | parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. | 4.3 | Apple | Exploit | - |
CVE-2003-1380 | Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command. | 7.5 | | Exploit | - |
CVE-2003-1373 | Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php. | 6.8 | | - | - |
CVE-2003-1351 | Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter. | 5 | | Exploit | - |
CVE-2003-1349 | Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command. | 5 | | - | Patched |
CVE-2003-1345 | Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter. | 5 | | - | - |
CVE-2003-1335 | Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory. | 5 | | - | - |
CVE-2003-0593 | Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | 7.5 | Opera | Exploit | Patched |
CVE-2002-2416 | Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request. | 5 | | Exploit | - |
CVE-2002-2403 | Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences. | 5 | | Exploit | - |
CVE-2002-2399 | Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 6.4 | | - | - |
CVE-2002-2387 | Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. | 5 | | - | - |
CVE-2002-2375 | Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. | 5 | Communigate | - | - |
CVE-2002-2351 | Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). | 6.4 | Qualcomm | Exploit | - |
CVE-2002-2292 | Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095. | 5 | | - | - |
CVE-2002-2269 | Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | 9.4 | | - | - |
CVE-2002-2256 | Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters. | 5 | | - | - |
CVE-2002-2240 | Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request. | 5 | | Exploit | Patched |
CVE-2002-2238 | Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request. | 5 | | - | - |
CVE-2002-2233 | Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/..@/..". | 8.3 | | Exploit | - |
CVE-2002-2229 | Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. | 5 | | - | - |
CVE-2002-2154 | Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. | 5 | Monkey-project | Exploit | Patched |
CVE-2001-1586 | Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664. | 10 | Analogx | Exploit | - |
CVE-2001-1432 | Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | 7.8 | Cherokee-project | Exploit | - |
CVE-2001-1205 | Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable. | 5 | | - | Patched |
CVE-2001-0925 | The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | 5 | Apache, et al | Exploit | Patched |
CVE-2001-0780 | Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter. | 5 | Cosmicperl | Exploit | Patched |
CVE-2001-0054 | Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. | 5 | Solarwinds | Exploit | Patched |