Total
5774 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2749 | 1 2wire | 1 Homeportal | 2023-12-10 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error. | |||||
CVE-2006-0434 | 1 Phpxplorer | 1 Phpxplorer | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability. | |||||
CVE-2004-2747 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2023-12-10 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not. | |||||
CVE-2006-3360 | 1 Phpsysinfo | 1 Phpsysinfo | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists. | |||||
CVE-2004-2686 | 1 Sun | 2 Solaris, Sunos | 2023-12-10 | 7.2 HIGH | N/A |
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. | |||||
CVE-2006-1095 | 1 Apache | 1 Mod Python | 2023-12-10 | 7.2 HIGH | N/A |
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | |||||
CVE-2005-2378 | 1 Oracle | 1 Reports | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU. | |||||
CVE-2005-3548 | 1 Invision Power Services | 1 Invision Board | 2023-12-10 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field. | |||||
CVE-2006-0931 | 1 Pear | 1 Pear Archive Tar | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | |||||
CVE-2001-0780 | 1 Cosmicperl | 1 Directory Pro | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter. | |||||
CVE-2003-1537 | 1 Postnuke Software Foundation | 1 Postnuke | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. | |||||
CVE-2003-1335 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory. | |||||
CVE-2002-2238 | 1 Kunani | 1 Kunani Odbc Ftp Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request. | |||||
CVE-2004-1991 | 1 Aldostools | 1 Aldo\'s Web Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. | |||||
CVE-2002-2292 | 1 Halycon Software | 1 Iasp | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095. | |||||
CVE-2004-0847 | 1 Microsoft | 1 Asp.net | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | |||||
CVE-2003-1545 | 2 Nukestyles, Phpnuke | 2 Viewpage, Nukestyles Viewpage Module | 2023-12-10 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. | |||||
CVE-2001-1432 | 1 Cherokee | 1 Cherokee Httpd | 2023-12-10 | 7.8 HIGH | N/A |
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2004-0273 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2023-12-10 | 9.3 HIGH | N/A |
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | |||||
CVE-2004-1444 | 1 Roundup-tracker | 1 Roundup | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. |