Security Vulnerabilities, CVEs, (Directory traversal)
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.
Max CVSS
10.0
EPSS Score
1.06%
Published
2001-08-31
Updated
2008-09-05
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
Max CVSS
10.0
EPSS Score
1.93%
Published
2001-06-23
Updated
2017-10-10
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
Max CVSS
10.0
EPSS Score
0.93%
Published
2001-12-17
Updated
2016-10-18
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
Max CVSS
10.0
EPSS Score
1.08%
Published
2010-02-12
Updated
2017-08-17
Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter.
Max CVSS
10.0
EPSS Score
0.85%
Published
2002-08-12
Updated
2017-12-19
Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.
Max CVSS
10.0
EPSS Score
1.83%
Published
2002-10-04
Updated
2008-09-05
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
Max CVSS
10.0
EPSS Score
2.80%
Published
2004-08-06
Updated
2017-07-11
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
Max CVSS
10.0
EPSS Score
8.80%
Published
2005-01-10
Updated
2017-10-11
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.
Max CVSS
10.0
EPSS Score
4.06%
Published
2005-01-10
Updated
2017-07-11
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliable researcher claims that REP05 is the same as CVE-2005-2378 and REP06 is the same as CVE-2005-2371, both of which involve directory traversal.
Max CVSS
10.0
EPSS Score
5.55%
Published
2006-01-18
Updated
2018-10-19
Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.
Max CVSS
10.0
EPSS Score
0.31%
Published
2006-09-15
Updated
2008-09-05
Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.
Max CVSS
10.0
EPSS Score
2.49%
Published
2006-11-10
Updated
2018-10-17
Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain.
Max CVSS
10.0
EPSS Score
4.30%
Published
2006-12-04
Updated
2018-10-17
Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter.
Max CVSS
10.0
EPSS Score
0.73%
Published
2006-12-15
Updated
2017-10-19
Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
Max CVSS
10.0
EPSS Score
4.04%
Published
2007-03-06
Updated
2017-10-11
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
Max CVSS
10.0
EPSS Score
1.95%
Published
2007-02-12
Updated
2018-10-16
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
Max CVSS
10.0
EPSS Score
6.37%
Published
2007-03-07
Updated
2018-10-16
Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter.
Max CVSS
10.0
EPSS Score
3.60%
Published
2007-04-24
Updated
2017-10-11
Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion
Max CVSS
10.0
EPSS Score
3.27%
Published
2007-05-04
Updated
2024-04-11
Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter.
Max CVSS
10.0
EPSS Score
1.10%
Published
2007-05-13
Updated
2017-07-29
Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors.
Max CVSS
10.0
EPSS Score
3.27%
Published
2007-05-13
Updated
2018-10-16
Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
12.95%
Published
2007-09-19
Updated
2017-09-29
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
Max CVSS
10.0
EPSS Score
19.13%
Published
2007-09-19
Updated
2017-09-29
Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.
Max CVSS
10.0
EPSS Score
4.73%
Published
2007-10-01
Updated
2021-04-08
Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php
Max CVSS
10.0
EPSS Score
0.74%
Published
2007-10-11
Updated
2024-04-11
7249 vulnerabilities found
1
2
3
4
5
6 ......
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290