Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.
Max CVSS
5.0
EPSS Score
4.77%
Published
2003-12-31
Updated
2018-10-19
Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter.
Max CVSS
5.0
EPSS Score
0.24%
Published
2003-12-31
Updated
2008-09-05
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php.
Max CVSS
5.0
EPSS Score
0.21%
Published
2003-12-31
Updated
2008-09-05
Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL.
Max CVSS
5.0
EPSS Score
0.66%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter.
Max CVSS
6.4
EPSS Score
0.43%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter.
Max CVSS
5.0
EPSS Score
1.61%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files.
Max CVSS
5.0
EPSS Score
0.47%
Published
2003-12-31
Updated
2017-07-29
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
Max CVSS
3.5
EPSS Score
0.25%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
Max CVSS
5.0
EPSS Score
1.88%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
Max CVSS
6.4
EPSS Score
0.99%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.
Max CVSS
4.3
EPSS Score
1.05%
Published
2003-12-31
Updated
2017-07-29
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
Max CVSS
4.3
EPSS Score
0.62%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
Max CVSS
7.5
EPSS Score
0.45%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
Max CVSS
6.8
EPSS Score
0.61%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter.
Max CVSS
5.0
EPSS Score
0.49%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command.
Max CVSS
5.0
EPSS Score
0.46%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter.
Max CVSS
5.0
EPSS Score
0.30%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
Max CVSS
5.0
EPSS Score
0.21%
Published
2003-12-31
Updated
2010-06-23
Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..." (triple dot) manipulations to the CWD command.
Max CVSS
4.0
EPSS Score
0.18%
Published
2003-12-31
Updated
2016-11-28
Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot).
Max CVSS
5.0
EPSS Score
0.28%
Published
2003-12-31
Updated
2017-07-20
Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads.
Max CVSS
5.0
EPSS Score
0.19%
Published
2003-12-31
Updated
2008-09-05
Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter.
Max CVSS
5.0
EPSS Score
0.70%
Published
2003-12-31
Updated
2008-09-05
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
Max CVSS
7.5
EPSS Score
1.10%
Published
2003-12-31
Updated
2017-07-11
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
Max CVSS
5.0
EPSS Score
0.24%
Published
2003-12-31
Updated
2017-07-11
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.
Max CVSS
5.0
EPSS Score
1.24%
Published
2003-12-31
Updated
2017-07-11
26 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!