CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2005(Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4797 Dir. Trav. 2005-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
2 CVE-2005-4646 Dir. Trav. 2005-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to include arbitrary files via the mode parameter, possibly due to a directory traversal vulnerability. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
3 CVE-2005-4622 Exec Code Dir. Trav. 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe.
4 CVE-2005-4600 22 1 Dir. Trav. 2005-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
5 CVE-2005-4557 Dir. Trav. 2005-12-28 2008-09-05
5.0
None Remote Low Not required Partial None None
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
6 CVE-2005-4510 Dir. Trav. 2005-12-22 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.
7 CVE-2005-4467 Dir. Trav. 2005-12-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parameter.
8 CVE-2005-4424 Exec Code Dir. Trav. 2005-12-20 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
9 CVE-2005-4376 Dir. Trav. 2005-12-19 2008-09-20
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter.
10 CVE-2005-4319 Dir. Trav. 2005-12-17 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.
11 CVE-2005-4302 Dir. Trav. 2005-12-16 2008-09-20
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.
12 CVE-2005-4250 Dir. Trav. 2005-12-14 2008-09-20
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter.
13 CVE-2005-4212 Dir. Trav. 2005-12-14 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.
14 CVE-2005-4208 Dir. Trav. 2005-12-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.
15 CVE-2005-4202 Dir. Trav. 2005-12-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) "..\" (dot dot backslash) sequences in the NS-query-pat paramter to the search URL. URL.
16 CVE-2005-4201 Dir. Trav. 2005-12-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors.
17 CVE-2005-4163 Dir. Trav. 2005-12-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read arbitrary files via the _tcf parameter.
18 CVE-2005-4160 Dir. Trav. 2005-12-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument.
19 CVE-2005-4095 Dir. Trav. 2005-12-08 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.
20 CVE-2005-4086 Dir. Trav. 2005-12-08 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
21 CVE-2005-4083 Dir. Trav. 2005-12-07 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the edit parameter.
22 CVE-2005-4074 Dir. Trav. 2005-12-07 2008-09-20
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is disabled, allows remote attackers to include arbitrary local .cfm files via a .. (dot dot) in the (1) sector or (2) page parameters.
23 CVE-2005-4039 Dir. Trav. 2005-12-06 2008-09-20
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter.
24 CVE-2005-3948 Dir. Trav. 2005-12-01 2008-10-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.
25 CVE-2005-3947 Dir. Trav. 2005-12-01 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter.
26 CVE-2005-3929 Dir. Trav. 2005-11-30 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.
27 CVE-2005-3927 Dir. Trav. 2005-11-30 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
28 CVE-2005-3910 Dir. Trav. 2005-11-30 2009-10-09
5.0
None Remote Low Not required None Partial None
merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.
29 CVE-2005-3878 Dir. Trav. 2005-11-29 2009-10-09
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.
30 CVE-2005-3830 Dir. Trav. 2005-11-26 2009-10-09
5.0
None Remote Low Not required Partial None None
index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability.
31 CVE-2005-3820 Exec Code Dir. Trav. 2005-11-25 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.
32 CVE-2005-3811 Dir. Trav. 2005-11-25 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.
33 CVE-2005-3789 Dir. Trav. 2005-11-24 2008-09-05
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.
34 CVE-2005-3755 Dir. Trav. 2005-11-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
35 CVE-2005-3691 Dir. Trav. 2005-11-18 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename commands.
36 CVE-2005-3680 Dir. Trav. 2005-11-18 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.
37 CVE-2005-3639 Dir. Trav. File Inclusion 2005-11-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability.
38 CVE-2005-3559 Dir. Trav. 2005-11-16 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
39 CVE-2005-3557 Dir. Trav. 2005-11-16 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.
40 CVE-2005-3550 Dir. Trav. 2005-11-16 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.
41 CVE-2005-3548 22 Dir. Trav. 2005-11-16 2008-09-05
4.0
None Remote Low Single system None Partial None
Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field.
42 CVE-2005-3507 Exec Code +Priv Dir. Trav. 2005-11-06 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
43 CVE-2005-3490 Dir. Trav. 2005-11-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.
44 CVE-2005-3484 Dir. Trav. 2005-11-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences.
45 CVE-2005-3471 Dir. Trav. 2005-11-02 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files.
46 CVE-2005-3468 Dir. Trav. Bypass 2005-11-02 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files.
47 CVE-2005-3355 22 Dir. Trav. 2005-11-18 2011-10-18
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
48 CVE-2005-3347 22 Dir. Trav. 2005-11-17 2010-04-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
49 CVE-2005-3307 Dir. Trav. 2005-10-25 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation.
50 CVE-2005-3281 Dir. Trav. 2005-10-23 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter.
Total number of vulnerabilities : 202   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.