Medium
CVE-2006-5949
Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD requ…
Tag: Path Traversal
All CVEs associated with "Path Traversal". Page 65/72 • 8590 CVEs.
Subscribe CVEs: RSS for “Path Traversal” · RSS (High+Critical only)
About “Path Traversal”
A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8590 CVEs for this tag (all time). In the last 365 days, 1472 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2006-11-17
2006-11-15
Medium
CVE-2006-5897
Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) color…
Medium
CVE-2006-5898
Directory traversal vulnerability in localization/languages.lib.php3 in PhpMyChat 0.14.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter.
2006-11-14
Medium
CVE-2006-5894
Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) i…
2006-11-11
Medium
CVE-2006-5862
Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unkno…
Medium
CVE-2006-5866
Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.
2006-11-10
Critical
CVE-2006-5487
Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in…
Medium
CVE-2006-5846
Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vecto…
Medium
CVE-2006-5834
Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter.
2006-11-07
High
CVE-2006-5786
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie coo…
2006-11-06
Medium
CVE-2006-5773
Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action par…
Medium
CVE-2006-5731
Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] p…
High
CVE-2006-5733
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie…
High
CVE-2006-5735
Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parame…
2006-11-04
Medium
CVE-2006-5705
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequen…
Medium
CVE-2006-5716
Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is no…
2006-10-31
High
CVE-2006-5617
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot)…
Medium
CVE-2006-5618
Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter.
2006-10-30
Medium
CVE-2006-5607
Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via a "/./." (modified dot dot) sequences in the getpage parameter.
Medium
CVE-2006-5609
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.
High
CVE-2006-5604
Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CardLanguageFile parameter.
2006-10-28
High
CVE-2006-5596
Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request.
2006-10-27
Medium
CVE-2006-5570
Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter.
2006-10-26
Medium
CVE-2006-5528
Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of t…
Medium
CVE-2006-5536
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
High
CVE-2006-5554
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using…
2006-10-25
Medium
CVE-2006-5510
Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by…
High
CVE-2006-5498
Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the…
2006-10-20
Medium
CVE-2006-5437
Directory traversal vulnerability in upgrade.php in phpAdsNew 2.0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the phpAds_config[language] parameter. NOTE: this issue coul…
2006-10-17
Medium
CVE-2006-5319
Directory traversal vulnerability in redir.php in Foafgen 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the foaf parameter.
Medium
CVE-2006-5320
Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter.
2006-10-16
Medium
CVE-2006-5210
Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" seque…
2006-10-12
High
CVE-2006-5263
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language param…
2006-10-10
Medium
CVE-2006-5188
Directory traversal vulnerability in download.php in webGENEius GOOP Gallery 2.0.2 allows remote attackers to read or list data from certain files or directories via unspecified vectors.
Medium
CVE-2006-5205
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php,…
2006-10-05
High
CVE-2006-5149
Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help…
2006-10-03
High
CVE-2006-5113
Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a .. (dot dot) in the lan parameter to includes.php. N…
Medium
CVE-2006-5115
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploadi…
Medium
CVE-2006-5125
Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target…
2006-09-27
Medium
CVE-2006-5028
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot do…
Medium
CVE-2006-5031
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file pa…
Medium
CVE-2006-5034
Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Medium
CVE-2006-5050
Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.
2006-09-25
Medium
CVE-2006-4977
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP co…
2006-09-23
Medium
CVE-2006-4955
Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder an…
Medium
CVE-2006-4962
Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt p…
Medium
CVE-2006-4963
Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_v…
2006-09-22
Medium
CVE-2006-4900
Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." se…
2006-09-21
Low
CVE-2006-4919
Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir p…
High
CVE-2006-4913
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot d…
Low
CVE-2006-4914
Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to…
2006-09-19
Medium
CVE-2006-4878
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the t…
2006-09-15
Critical
CVE-2006-4830
Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of…
2006-09-13
Medium
CVE-2006-4766
Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter.
Medium
CVE-2006-4767
Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter…
Medium
CVE-2006-4753
Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
Medium
CVE-2006-4731
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code vi…
2006-09-12
Medium
CVE-2006-2658
Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arb…
Medium
CVE-2006-4721
Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%0…
2006-09-11
Medium
CVE-2006-4681
Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.
2006-09-09
Medium
CVE-2006-4294
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Medium
CVE-2006-4651
Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via…
2006-09-08
High
CVE-2006-4636
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory paramet…
2006-09-06
Medium
CVE-2006-4550
Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypa…
2006-08-31
Medium
CVE-2006-4490
Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) seque…
Medium
CVE-2006-4491
Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read…
Medium
CVE-2006-4503
Directory traversal vulnerability in link.php in NX5Linx 1.0 allows remote attackers to read arbitrary files via the logo parameter.
High
CVE-2006-4467
Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric para…
Medium
CVE-2006-4458
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence…
2006-08-29
High
CVE-2006-4432
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identif…
2006-08-28
Medium
CVE-2006-4418
Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into…
Medium
CVE-2006-4420
Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter.
2006-08-26
Low
CVE-2006-4369
Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an…
Medium
CVE-2006-4371
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary fil…
2006-08-23
Medium
CVE-2006-4298
Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation pa…
2006-08-22
Medium
CVE-2006-4290
Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors.
2006-08-21
Medium
CVE-2006-4258
Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, an…
Low
CVE-2006-4259
Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a d…
Medium
CVE-2006-4260
Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. (dot dot) in the path parameter.
2006-08-17
High
CVE-2006-4218
Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter par…
Medium
CVE-2006-4208
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary fi…
Low
CVE-2006-4190
Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation.
Medium
CVE-2006-4191
Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences…
2006-08-16
Medium
CVE-2006-4161
Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter.
2006-08-14
Medium
CVE-2006-4140
Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f"…
2006-08-07
Medium
CVE-2006-4004
Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via dire…
High
CVE-2006-4013
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and o…
2006-08-05
Medium
CVE-2006-4000
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot d…
2006-08-02
Medium
CVE-2006-3972
Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid par…
2006-08-01
Medium
CVE-2006-3954
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do…
2006-07-31
Medium
CVE-2006-3934
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath par…
2006-07-27
Medium
CVE-2006-3885
Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264.
2006-07-25
Low
CVE-2006-3619
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing…
Medium
CVE-2006-3836
Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter.
2006-07-21
Medium
CVE-2006-0817
Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to in…
Medium
CVE-2006-0818
Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated u…
2006-07-18
Medium
CVE-2006-3611
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] param…
Medium
CVE-2006-3623
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the d…
Medium
CVE-2006-3602
Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.php in FarsiNews 3.0 BETA 1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing null (%00)…
High
CVE-2006-3604
Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot…
2006-07-13
Medium
CVE-2006-3578
Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors.
High
CVE-2006-3554
Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, a…
2006-07-12
High
CVE-2006-3534
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot d…
Medium
CVE-2006-3535
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.
2006-07-10
Medium
CVE-2006-3488
Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in…
Medium
CVE-2006-2917
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of othe…
2006-07-07
Medium
CVE-2006-3406
Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter.
Medium
CVE-2006-3426
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbi…
2006-07-06
Medium
CVE-2006-3360
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in…
Medium
CVE-2006-3387
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_c…
2006-06-30
Low
CVE-2006-3326
Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, a…
2006-06-28
Medium
CVE-2006-3274
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the…
Medium
CVE-2006-3281
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename th…
2006-06-24
Medium
CVE-2006-3207
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00)…
Medium
CVE-2006-3210
Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs o…
2006-06-23
Medium
CVE-2006-3178
Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (…
High
CVE-2006-3182
Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the uid parameter in the rss page.
Medium
CVE-2006-3194
Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gall…
2006-06-16
Low
CVE-2006-3050
Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%…
2006-06-12
Medium
CVE-2006-2952
Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the…