CVE Daily
← All tags

Tag: Path Traversal

All CVEs associated with "Path Traversal". Page 67/72 • 8590 CVEs.

Subscribe CVEs: RSS for “Path Traversal”  ·  RSS (High+Critical only)

About “Path Traversal”

A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8590 CVEs for this tag (all time). In the last 365 days, 1472 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2006-02-24
Medium

CVE-2006-0873

Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote fi…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0882

Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php.

CVSS: 5.0 CWE: N/A View on NVD
2006-02-23
Medium

CVE-2006-0869

Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file…

CVSS: 6.4 CWE: N/A View on NVD
2006-02-22
Medium

CVE-2006-0847

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.

CVSS: 5.0 CWE: N/A View on NVD
2006-02-19
Medium

CVE-2006-0795

Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2006-0798

Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or dele…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2006-0781

Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0785

Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parame…

CVSS: 6.4 CWE: N/A View on NVD
2006-02-16
Medium

CVE-2006-0732

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2…

CVSS: 6.4 CWE: N/A View on NVD
2006-02-15
Medium

CVE-2006-0702

admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0713

Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0714

Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath pa…

CVSS: 5.0 CWE: N/A View on NVD
2006-02-13
Medium

CVE-2006-0648

Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the repla…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0656

Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability th…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0660

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in…

CVSS: 6.4 CWE: N/A View on NVD
2006-02-10
High

CVE-2006-0644

Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory…

CVSS: 7.5 CWE: N/A View on NVD
2006-02-09
Medium

CVE-2006-0625

Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which…

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2006-0611

Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique paramete…

CVSS: 7.5 CWE: N/A View on NVD
2006-02-07
Medium

CVE-2006-0567

Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web…

CVSS: 5.0 CWE: N/A View on NVD
2006-02-06
Medium

CVE-2006-0513

Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file…

CVSS: 5.0 CWE: N/A View on NVD
2006-02-01
Medium

CVE-2006-0494

Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory travers…

CVSS: 4.3 CWE: N/A View on NVD
2006-01-31
Medium

CVE-2006-0484

Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s…

CVSS: 5.0 CWE: N/A View on NVD
2006-01-27
High

CVE-2006-0448

Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary di…

CVSS: 7.5 CWE: N/A View on NVD
2006-01-26
Medium

CVE-2006-0434

Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnera…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2006-01-22
Medium

CVE-2006-0371

Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name an…

CVSS: 5.0 CWE: N/A View on NVD
2006-01-21
Medium

CVE-2006-0347

Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0344

Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands.

CVSS: 6.4 CWE: N/A View on NVD
2006-01-19
Medium

CVE-2006-0315

index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks,…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-0319

Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and…

CVSS: 5.0 CWE: N/A View on NVD
2006-01-18
Medium

CVE-2006-0275

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle…

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2006-0289

Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2006-0244

Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. N…

CVSS: 5.0 CWE: N/A View on NVD
2006-01-16
Medium

CVE-2006-0223

Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the usern…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2006-01-14
Medium

CVE-2006-0212

Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by…

CVSS: 5.0 CWE: N/A View on NVD
2006-01-09
Medium

CVE-2006-0125

Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown;…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-0127

Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME com…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2006-0132

Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2006-0133

Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1)…

CVSS: 3.6 CWE: N/A View on NVD
2006-01-06
Medium

CVE-2006-0104

Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via…

CVSS: 5.0 CWE: N/A View on NVD
2006-01-05
Medium

CVE-2006-0090

Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-12-31
Low

CVE-2005-1918

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwr…

CVSS: 2.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2005-1939

Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2005-2619

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2005-4600

Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2005-4622

Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-4646

Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to include arbitrary files via the mode parameter, possibly due to a directory traversal vulnerability.…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4797

Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.

CVSS: 5.0 CWE: N/A View on NVD
2005-12-28
Medium

CVE-2005-4557

dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byt…

CVSS: 5.0 CWE: N/A View on NVD
2005-12-23
Medium

CVE-2005-4510

Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-12-22
Medium

CVE-2005-4467

Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parame…

CVSS: 5.0 CWE: N/A View on NVD
2005-12-20
Medium

CVE-2005-4424

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2005-4376

Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-12-17
Medium

CVE-2005-4319

Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4302

Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-12-14
Medium

CVE-2005-1930

Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Serve…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4212

Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4250

Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-12-13
Medium

CVE-2005-4201

Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4202

Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4208

Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.

CVSS: 5.0 CWE: N/A View on NVD
2005-12-11
Medium

CVE-2005-4160

Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4163

Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read arbitrary files via the _tcf parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-12-08
Medium

CVE-2005-4086

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local f…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4095

Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type paramet…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4074

Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is disabled, allows remote attackers to include arbitrary local .cfm files via a .. (dot dot) in the (…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4083

Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the edit parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-12-06
High

CVE-2005-4039

Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter.

CVSS: 7.8 CWE: N/A View on NVD
2005-12-01
Medium

CVE-2005-3947

Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3948

Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.

CVSS: 5.0 CWE: N/A View on NVD
2005-11-30
Medium

CVE-2005-3910

merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3927

Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2005-3929

Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in th…

CVSS: 5.0 CWE: N/A View on NVD
2005-11-29
Medium

CVE-2005-3878

Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.

CVSS: 6.4 CWE: N/A View on NVD
2005-11-26
Medium

CVE-2005-3830

index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3820

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (do…

CVSS: 6.4 CWE: N/A View on NVD
2005-11-25
Medium

CVE-2005-3811

Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid…

CVSS: 5.0 CWE: N/A View on NVD
2005-11-24
Medium

CVE-2005-3789

Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir paramete…

CVSS: 5.0 CWE: N/A View on NVD
2005-11-22
Medium

CVE-2005-3763

Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resu…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3755

Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from…

CVSS: 5.0 CWE: N/A View on NVD
2005-11-19
Medium

CVE-2005-3691

Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mai…

CVSS: 5.0 CWE: N/A View on NVD
2005-11-18
Medium

CVE-2005-3680

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2005-3355

Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2005-1925

Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) la…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2005-3189

Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3347

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to includ…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2005-11-16
High

CVE-2005-3639

PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directo…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-3548

Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field.

CVSS: 4.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2005-3550

Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3557

Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP P…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3559

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-11-06
Medium

CVE-2005-3507

Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_arc…

CVSS: 5.0 CWE: N/A View on NVD
2005-11-04
Medium

CVE-2005-3490

Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.

CVSS: 5.0 CWE: N/A View on NVD
2005-11-03
Medium

CVE-2005-3484

Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-e…

CVSS: 5.0 CWE: N/A View on NVD
2005-11-02
Medium

CVE-2005-3468

Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3471

Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3431

Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under c…

CVSS: 5.0 CWE: N/A View on NVD
2005-10-30
Medium

CVE-2005-3123

Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".."…

CVSS: 5.0 CWE: N/A View on NVD
2005-10-26
Medium

CVE-2005-3307

Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale para…

CVSS: 5.0 CWE: N/A View on NVD
2005-10-23
Medium

CVE-2005-3281

Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-10-17
Medium

CVE-2005-3251

Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter.

CVSS: 6.4 CWE: N/A View on NVD
2005-10-05
Medium

CVE-2005-3156

Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cle…

CVSS: 4.3 CWE: N/A View on NVD
2005-10-04
Medium

CVE-2005-3133

Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directori…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3136

Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename.

CVSS: 5.0 CWE: N/A View on NVD
2005-09-28
Medium

CVE-2005-3097

Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir varia…

CVSS: 5.0 CWE: N/A View on NVD
2005-09-27
Medium

CVE-2005-3086

Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter.

CVSS: 6.4 CWE: N/A View on NVD
2005-09-24
Medium

CVE-2005-3048

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which als…

CVSS: 6.4 CWE: N/A View on NVD
2005-09-22
Medium

CVE-2005-3040

Directory traversal vulnerability in the web interface (ISALogin.dll) for TAC Vista 4.0, and possibly other versions before 4.3, allows remote attackers to read arbitrary files via ".." sequences in…

CVSS: 5.0 CWE: N/A View on NVD
2005-09-21
Medium

CVE-2005-3026

Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-3030

Directory traversal vulnerability in the archive decompression library in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allow…

CVSS: 5.0 CWE: N/A View on NVD
2005-09-20
Medium

CVE-2005-2997

Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the…

CVSS: 5.0 CWE: N/A View on NVD
2005-09-16
High

CVE-2005-2951

Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (t…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-2952

Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-09-14
Medium

CVE-2005-2892

Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in…

CVSS: 5.0 CWE: N/A View on NVD
2005-09-08
Medium

CVE-2005-2020

Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-2848

Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-09-07
Medium

CVE-2005-2813

Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id paramet…

CVSS: 5.0 CWE: N/A View on NVD
2005-09-02
Medium

CVE-2005-2786

Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-2792

Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2005-08-30
Medium

CVE-2005-2726

Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:\" (Windows drive letter) sequences in commands such as (1) LIST or (2) RET…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2005-2731

Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter t…

CVSS: 2.1 CWE: N/A View on NVD