CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2003(Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1545 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.
2 CVE-2003-1542 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter.
3 CVE-2003-1537 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php.
4 CVE-2003-1529 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL.
5 CVE-2003-1501 22 Dir. Trav. 2003-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter.
6 CVE-2003-1499 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter.
7 CVE-2003-1465 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files.
8 CVE-2003-1430 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
9 CVE-2003-1427 22 Dir. Trav. 2003-12-31 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg coniguration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
10 CVE-2003-1414 22 Dir. Trav. 2003-12-31 2008-09-05
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename paramter.
11 CVE-2003-1413 22 Dir. Trav. 2003-12-31 2008-09-05
4.3
None Remote Medium Not required None None Partial
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
12 CVE-2003-1380 22 Dir. Trav. 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
13 CVE-2003-1373 22 Dir. Trav. 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
14 CVE-2003-1351 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter.
15 CVE-2003-1349 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command.
16 CVE-2003-1345 22 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter.
17 CVE-2003-1335 22 Dir. Trav. 2003-12-31 2010-06-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
18 CVE-2003-1299 1 Dir. Trav. 2003-12-31 2008-09-05
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..." (triple dot) manipulations to the CWD command.
19 CVE-2003-1298 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot).
20 CVE-2003-1280 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads.
21 CVE-2003-1239 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter.
22 CVE-2003-1180 Dir. Trav. 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
23 CVE-2003-1172 Dir. Trav. 2003-12-31 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
24 CVE-2003-1166 Dir. Trav. 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.
25 CVE-2003-0940 Dir. Trav. 2003-12-15 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
26 CVE-2003-0839 Dir. Trav. 2003-11-17 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
27 CVE-2003-0832 Dir. Trav. 2003-11-17 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.
28 CVE-2003-0756 Dir. Trav. 2003-10-20 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter.
29 CVE-2003-0748 Dir. Trav. 2003-10-20 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.
30 CVE-2003-0676 Dir. Trav. 2003-08-27 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.
31 CVE-2003-0650 Exec Code Dir. Trav. 2003-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file.
32 CVE-2003-0610 Dir. Trav. 2003-08-27 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request.
33 CVE-2003-0536 DoS Dir. Trav. 2003-08-18 2008-09-10
3.6
None Local Low Not required Partial None Partial
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
34 CVE-2003-0505 Dir. Trav. 2003-08-07 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
35 CVE-2003-0475 Dir. Trav. 2003-08-07 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474.
36 CVE-2003-0474 Dir. Trav. 2003-08-07 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475.
37 CVE-2003-0425 Dir. Trav. 2003-08-27 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
38 CVE-2003-0417 Dir. Trav. 2003-06-30 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Son hServer 0.2 allows remote attackers to read arbitrary files via ".|." (modified dot-dot) sequences.
39 CVE-2003-0392 Dir. Trav. 2003-07-02 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:).
40 CVE-2003-0338 Dir. Trav. 2003-05-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests.
41 CVE-2003-0313 Dir. Trav. 2003-06-16 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request.
42 CVE-2003-0312 Dir. Trav. 2003-06-16 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
43 CVE-2003-0282 Dir. Trav. 2003-06-16 2008-09-10
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
44 CVE-2003-0277 Dir. Trav. 2003-06-16 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter.
45 CVE-2003-0228 Exec Code Dir. Trav. 2003-05-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
46 CVE-2003-0156 Dir. Trav. 2003-03-24 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter.
47 CVE-2003-0104 Dir. Trav. 2003-03-18 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
48 CVE-2003-0027 Dir. Trav. 2003-02-07 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
49 CVE-2002-1562 Dir. Trav. 2003-05-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
50 CVE-2002-1559 Dir. Trav. 2003-03-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter.
Total number of vulnerabilities : 60   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.