CVE Daily
← All tags

Tag: Path Traversal

All CVEs associated with "Path Traversal". Page 68/72 • 8590 CVEs.

Subscribe CVEs: RSS for “Path Traversal”  ·  RSS (High+Critical only)

About “Path Traversal”

A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8590 CVEs for this tag (all time). In the last 365 days, 1472 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2005-08-24
High

CVE-2005-2686

Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to…

CVSS: 7.5 CWE: N/A View on NVD
2005-08-23
Medium

CVE-2005-2635

Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) layerstyle parameter to adlayer.php…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-2648

Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-2670

Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via "…

CVSS: 5.0 CWE: N/A View on NVD
2005-08-17
Medium

CVE-2005-2598

Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroli…

CVSS: 5.0 CWE: N/A View on NVD
2005-08-16
Medium

CVE-2005-2357

Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-2573

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traver…

CVSS: 5.0 CWE: N/A View on NVD
2005-08-10
Medium

CVE-2005-2543

Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-07-27
Medium

CVE-2005-2384

Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers…

CVSS: 5.0 CWE: N/A View on NVD
2005-07-26
Medium

CVE-2005-1691

Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-2371

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequen…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2005-2378

Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NO…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2005-07-20
Medium

CVE-2005-2330

Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-07-13
Medium

CVE-2005-2248

Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-2255

Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan param…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2005-2256

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-07-06
Medium

CVE-2005-2169

Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, whi…

CVSS: 5.0 CWE: N/A View on NVD
2005-07-05
Medium

CVE-2005-2140

Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2005-2142

Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.

CVSS: 2.1 CWE: N/A View on NVD
2005-06-28
Medium

CVE-2005-2053

Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk)…

CVSS: 5.0 CWE: N/A View on NVD
2005-06-20
Medium

CVE-2005-2033

Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2005-06-19
Medium

CVE-2005-2007

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachmen…

CVSS: 6.4 CWE: N/A View on NVD
2005-06-17
Medium

CVE-2005-2043

Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php.

CVSS: 5.0 CWE: N/A View on NVD
2005-06-16
High

CVE-2005-1952

Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequen…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1971

Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter.

CVSS: 7.5 CWE: N/A View on NVD
2005-06-15
Medium

CVE-2005-1998

Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-2001

Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter.

CVSS: 5.0 CWE: N/A View on NVD
2005-06-09
Medium

CVE-2005-1874

Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. (dot dot) in a .dz archive.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1884

Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2005-1896

Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter.

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2005-1902

Directory traversal vulnerability in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to read other users' mail and perform operations on arbitrary directories via ..…

CVSS: 3.6 CWE: N/A View on NVD
2005-06-02
Medium

CVE-2005-1840

Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the la…

CVSS: 5.0 CWE: N/A View on NVD
2005-06-01
High

CVE-2005-1813

Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2005-05-29
Medium

CVE-2005-1798

Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.

CVSS: 5.0 CWE: N/A View on NVD
2005-05-25
Medium

CVE-2005-1252

Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\"…

CVSS: 5.0 CWE: N/A View on NVD
2005-05-24
Medium

CVE-2005-1699

Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.

CVSS: 4.0 CWE: N/A View on NVD
2005-05-18
High

CVE-2005-1651

Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the wmm param…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1657

Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) dele…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1658

Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot).

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1662

Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

CVSS: 5.0 CWE: N/A View on NVD
2005-05-16
Medium

CVE-2005-1621

Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter t…

CVSS: 5.0 CWE: N/A View on NVD
2005-05-14
Medium

CVE-2005-1549

Directory traversal vulnerability in easymsgb.pl in Easy Message Board allows remote attackers to read arbitrary files via a .. (dot dot) in the print parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1571

Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic s…

CVSS: 5.0 CWE: N/A View on NVD
2005-05-11
Medium

CVE-2005-1480

Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1484

Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET comma…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1493

Directory traversal vulnerability in SimpleCam 1.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URL.

CVSS: 5.0 CWE: N/A View on NVD
2005-05-04
Medium

CVE-2005-1333

Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files.

CVSS: 5.0 CWE: N/A View on NVD
2005-05-03
High

CVE-2005-1376

Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1416

Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1421

Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1423

Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequence…

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2005-1439

Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1445

Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (…

CVSS: 6.4 CWE: N/A View on NVD
2005-05-02
Low

CVE-2005-0184

Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.

CVSS: 2.1 CWE: N/A View on NVD
Medium

CVE-2005-0202

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not prop…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0213

Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a zip file.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0214

Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0253

Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the…

CVSS: 4.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2005-0293

Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the month parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0299

Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name paramet…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0304

Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin.

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2005-0329

Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequen…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2005-0331

Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filen…

CVSS: 2.6 CWE: N/A View on NVD
High

CVE-2005-0332

Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey paramet…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-0335

Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0344

Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2005-0348

Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2005-0372

Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2005-0379

Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlog…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-0442

Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0450

Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) .. (dot dot) or (2) "%2e%2e" (encoded dot dot) sequences.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0536

Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0538

Directory traversal vulnerability in (1) GinpPictureServlet.java and (2) PicCollection.java in ginp (Java Photo Gallery Web Application) before 0.22 allows remote attackers to read arbitrary files.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0574

Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0583

Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0657

Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. (dot do…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2005-0796

Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasse…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0801

Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) a full pathname in the URL.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0845

Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0933

Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-0947

Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-0978

Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-1003

Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via .. (dot dot) sequences in the modID parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-1073

Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1080

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in f…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1090

Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files.

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2005-1105

Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Dispositi…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1198

Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1201

Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot)…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2005-1228

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed fi…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1229

Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2005-1230

Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1239

Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.l…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1242

Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1243

Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys…

CVSS: 5.0 CWE: N/A View on NVD
2005-04-22
High

CVE-2005-1283

Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or m…

CVSS: 7.5 CWE: N/A View on NVD
2005-04-20
High

CVE-2005-1240

Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsy…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1241

Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1244

Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib…

CVSS: 7.5 CWE: N/A View on NVD
2005-03-30
Medium

CVE-2005-0479

Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" slash), (2) "\" (backslash), or…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0483

Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files…

CVSS: 5.0 CWE: N/A View on NVD
2005-03-29
Medium

CVE-2005-0950

Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows remote attackers to read arbitrary files via a (1) ... (triple dot) or (2) ..\ (dot dot backslash) in the URL.

CVSS: 5.0 CWE: N/A View on NVD
2005-03-14
Medium

CVE-2005-0258

Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0507

Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0789

Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request.

CVSS: 5.0 CWE: N/A View on NVD
2005-03-07
Medium

CVE-2005-0701

Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE funct…

CVSS: 5.0 CWE: N/A View on NVD
2005-03-01
Medium

CVE-2004-1027

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) seq…

CVSS: 5.0 CWE: N/A View on NVD
2005-02-22
Low

CVE-2005-0161

Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.

CVSS: 2.1 CWE: N/A View on NVD
2005-02-18
Medium

CVE-2005-0502

Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request.

CVSS: 5.0 CWE: N/A View on NVD
2005-02-14
High

CVE-2005-0411

Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter.

CVSS: 7.5 CWE: N/A View on NVD
2005-02-09
Medium

CVE-2005-0367

Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e…

CVSS: 4.6 CWE: N/A View on NVD
2005-01-27
Medium

CVE-2004-0916

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-0313

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary fil…

CVSS: 7.5 CWE: N/A View on NVD
2005-01-20
Medium

CVE-2005-0300

Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-1846

Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options.

CVSS: 5.0 CWE: N/A View on NVD
2005-01-10
Critical

CVE-2004-0914

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2004-1020

The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vu…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-1206

Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-1212

Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument.

CVSS: 5.0 CWE: N/A View on NVD