Total
8953 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2686 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. | ||||
| CVE-2003-1499 | 1 Bytehoard | 1 Bytehoard | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter. | ||||
| CVE-2005-4600 | 1 Moxiecode | 1 Tinymce Compressor Php | 2026-04-16 | N/A |
| Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter. | ||||
| CVE-2003-1335 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2026-04-16 | N/A |
| Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory. | ||||
| CVE-2006-0950 | 1 Unalz | 1 Unalz | 2026-04-16 | N/A |
| unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename. | ||||
| CVE-2006-0976 | 1 Spid | 1 Spid | 2026-04-16 | N/A |
| Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter. | ||||
| CVE-2002-2238 | 1 Kunani | 1 Kunani Odbc Ftp Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request. | ||||
| CVE-2003-1380 | 1 Bisonftp | 1 Bisonftp Server 4 | 2026-04-16 | N/A |
| Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command. | ||||
| CVE-2006-2516 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | ||||
| CVE-2003-1373 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php. | ||||
| CVE-2002-2154 | 1 Monkey-project | 1 Monkey | 2026-04-16 | N/A |
| Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. | ||||
| CVE-2004-0847 | 1 Microsoft | 1 Asp.net | 2026-04-16 | N/A |
| The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | ||||
| CVE-2005-0253 | 1 Guillaumegardey | 1 Biborb | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter. | ||||
| CVE-2005-1925 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. | ||||
| CVE-2005-3347 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346. | ||||
| CVE-2004-2749 | 1 2wire | 1 Homeportal | 2026-04-16 | N/A |
| Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error. | ||||
| CVE-2004-1444 | 1 Roundup-tracker | 1 Roundup | 2026-04-16 | N/A |
| Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | ||||
| CVE-2005-2378 | 1 Oracle | 1 Reports | 2026-04-16 | N/A |
| Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU. | ||||
| CVE-2006-0795 | 1 Thomastsoi | 1 Quirex | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables. | ||||
| CVE-2001-0054 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. | ||||