CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2010(Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-4634 22 2 Dir. Trav. 2010-12-30 2010-12-31
5.0
None Remote Low Not required Partial None None
** DISPUTED ** Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party.
2 CVE-2010-4622 22 Dir. Trav. 2010-12-30 2011-01-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
3 CVE-2010-4617 22 2 Dir. Trav. 2010-12-29 2011-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
4 CVE-2010-4613 22 1 Dir. Trav. 2010-12-29 2010-12-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
5 CVE-2010-4598 22 1 Dir. Trav. 2010-12-23 2011-01-14
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
6 CVE-2010-4406 22 2 Dir. Trav. 2010-12-06 2010-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter.
7 CVE-2010-4399 22 2 Dir. Trav. 2010-12-06 2010-12-20
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information.
8 CVE-2010-4369 22 Dir. Trav. 2010-12-02 2011-02-23
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.
9 CVE-2010-4330 22 1 Dir. Trav. 2010-12-07 2013-08-31
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
10 CVE-2010-4282 22 1 Dir. Trav. 2010-12-02 2010-12-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
11 CVE-2010-4270 22 Dir. Trav. 2010-11-16 2010-11-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
12 CVE-2010-4231 22 1 Dir. Trav. 2010-11-16 2010-11-18
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
13 CVE-2010-4181 22 1 Dir. Trav. 2010-11-04 2010-11-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
14 CVE-2010-4154 22 1 Dir. Trav. 2010-11-03 2010-11-04
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
15 CVE-2010-4153 22 Dir. Trav. 2010-11-03 2010-11-05
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
16 CVE-2010-4149 22 1 Dir. Trav. 2010-11-01 2010-11-03
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
17 CVE-2010-4148 22 1 Dir. Trav. 2010-11-01 2010-11-04
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
18 CVE-2010-4107 22 1 Dir. Trav. 2010-11-17 2011-09-21
7.8
None Remote Low Not required Complete None None
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
19 CVE-2010-4095 22 Dir. Trav. 2010-10-26 2010-10-28
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a .. (dot dot) in a filename in a server response.
20 CVE-2010-3910 22 Dir. Trav. 2010-11-26 2010-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php.
21 CVE-2010-3867 22 Dir. Trav. 2010-11-09 2011-09-14
7.1
None Remote High Single system Complete Complete Complete
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
22 CVE-2010-3863 22 Dir. Trav. Bypass 2010-11-05 2010-11-11
5.0
None Remote Low Not required Partial None None
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
23 CVE-2010-3842 22 Dir. Trav. 2010-10-27 2010-10-28
5.8
None Remote Medium Not required None Partial Partial
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.
24 CVE-2010-3743 22 1 Dir. Trav. 2010-10-08 2010-10-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
25 CVE-2010-3692 22 Dir. Trav. 2010-10-07 2011-03-01
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
26 CVE-2010-3688 22 Dir. Trav. 2010-09-29 2010-09-30
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter.
27 CVE-2010-3606 22 Dir. Trav. 2010-09-24 2010-09-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters.
28 CVE-2010-3490 22 1 Dir. Trav. 2010-09-28 2013-09-03
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
29 CVE-2010-3488 22 1 Dir. Trav. 2010-09-22 2010-09-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... (triple dot) in the URL.
30 CVE-2010-3487 22 1 Dir. Trav. 2010-09-22 2010-09-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
31 CVE-2010-3486 22 2 Dir. Trav. 2010-09-22 2010-09-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
32 CVE-2010-3480 22 1 Dir. Trav. 2010-09-22 2010-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
33 CVE-2010-3468 22 1 Dir. Trav. 2010-09-29 2010-09-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.
34 CVE-2010-3460 22 1 Dir. Trav. 2010-09-17 2010-09-20
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
35 CVE-2010-3456 22 2 Dir. Trav. 2010-09-17 2013-07-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
36 CVE-2010-3426 22 2 Dir. Trav. 2010-09-16 2010-09-17
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
37 CVE-2010-3306 22 1 Dir. Trav. 2010-09-24 2010-09-27
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
38 CVE-2010-3261 22 Dir. Trav. 2010-09-24 2010-09-27
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors.
39 CVE-2010-3203 22 1 Dir. Trav. 2010-09-03 2010-09-06
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
40 CVE-2010-3104 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
41 CVE-2010-3103 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.05, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
42 CVE-2010-3102 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
43 CVE-2010-3101 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
44 CVE-2010-3100 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename.
45 CVE-2010-3099 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
46 CVE-2010-3098 22 Dir. Trav. 2010-08-20 2010-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.
47 CVE-2010-3097 22 Dir. Trav. 2010-08-20 2010-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3.36 and earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.
48 CVE-2010-3096 22 Dir. Trav. 2010-08-20 2010-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename.
49 CVE-2010-2920 22 2 Dir. Trav. 2010-07-30 2010-08-02
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
50 CVE-2010-2861 22 Dir. Trav. 2010-08-11 2013-09-23
7.5
User Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
Total number of vulnerabilities : 275   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.