Total
8053 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2229 | 1 Sapio Design Ltd | 1 Webreflex | 2025-04-03 | N/A |
| Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. | ||||
| CVE-2003-1499 | 1 Bytehoard | 1 Bytehoard | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter. | ||||
| CVE-2006-2516 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | ||||
| CVE-2003-1349 | 1 Thomas Krebs | 1 Niteserver Ftpd | 2025-04-03 | N/A |
| Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command. | ||||
| CVE-2003-1373 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php. | ||||
| CVE-2006-2758 | 1 Jetty | 1 Jetty | 2025-04-03 | 5.3 Medium |
| Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747. | ||||
| CVE-2005-2792 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2025-04-03 | N/A |
| Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter. | ||||
| CVE-2004-0847 | 1 Microsoft | 1 Asp.net | 2025-04-03 | N/A |
| The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | ||||
| CVE-2006-0950 | 1 Unalz | 1 Unalz | 2025-04-03 | N/A |
| unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename. | ||||
| CVE-2004-1354 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack. | ||||
| CVE-2006-4013 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | N/A |
| Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. | ||||
| CVE-2006-2337 | 1 D-link | 1 Dsl-g604t | 2025-04-03 | N/A |
| Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | ||||
| CVE-2005-0372 | 2 Gnome, Redhat | 2 Gtk, Enterprise Linux | 2025-04-03 | N/A |
| Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. | ||||
| CVE-2003-1542 | 1 Ondrej Jombik | 1 Phpwebfilemanager | 2025-04-03 | N/A |
| Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter. | ||||
| CVE-2001-1432 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | N/A |
| Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2003-1537 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. | ||||
| CVE-2005-2619 | 2 Autonomy, Ibm | 4 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 1 more | 2025-04-03 | N/A |
| Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview. | ||||
| CVE-2003-1545 | 2 Nukestyles, Phpnuke | 2 Viewpage, Nukestyles Viewpage Module | 2025-04-03 | N/A |
| Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. | ||||
| CVE-2004-1991 | 1 Aldostools | 1 Aldo\'s Web Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. | ||||
| CVE-2005-2371 | 1 Oracle | 1 Reports | 2025-04-03 | N/A |
| Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289. | ||||