Total
5774 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2399 | 1 Cascadesoft | 1 W3mail | 2023-12-10 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2002-2375 | 1 Stalker | 1 Communigate Pro | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. | |||||
CVE-2002-2229 | 1 Sapio Design Ltd | 1 Webreflex | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. | |||||
CVE-2002-2403 | 1 Key Focus | 1 Kf Web Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences. | |||||
CVE-2003-1349 | 1 Thomas Krebs | 1 Niteserver Ftpd | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command. | |||||
CVE-2003-1345 | 1 Follett Software | 1 Webcollection Plus | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter. | |||||
CVE-2003-1529 | 1 Seagull Software Systems | 1 J Walk Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. | |||||
CVE-2002-2387 | 1 Mollensoft Software | 1 Hyperion Ftp Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. | |||||
CVE-2001-1205 | 1 Matrixs Cgi Vault | 1 Last Lines | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable. | |||||
CVE-2002-2351 | 1 Qualcomm | 1 Eudora | 2023-12-10 | 6.4 MEDIUM | N/A |
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). | |||||
CVE-2004-1927 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter. | |||||
CVE-2001-0054 | 1 Solarwinds | 1 Serv-u File Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. | |||||
CVE-2003-1414 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter. | |||||
CVE-2002-2269 | 1 Webster | 1 Webster Http Server | 2023-12-10 | 9.4 HIGH | N/A |
Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2003-0593 | 1 Opera | 1 Opera Browser | 2023-12-10 | 7.5 HIGH | N/A |
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | |||||
CVE-2003-1427 | 1 Netgear | 1 Fm114p | 2023-12-10 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. | |||||
CVE-2003-1380 | 1 Bisonftp | 1 Bisonftp Server 4 | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command. | |||||
CVE-2003-1499 | 1 Bytehoard | 1 Bytehoard | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter. | |||||
CVE-2002-2233 | 1 Mollensoft Software | 1 Enceladus Server Suite | 2023-12-10 | 8.3 HIGH | N/A |
Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/..@/..". |