CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004(Directory Traversal) (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2745 22 Dir. Trav. 2004-12-31 2018-10-19
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
2 CVE-2004-2686 22 Dir. Trav. 2004-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
3 CVE-2004-2674 Dir. Trav. 2004-12-31 2017-07-29
6.8
None Remote Low ??? Complete None None
Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.
4 CVE-2004-2369 Dir. Trav. 2004-12-31 2017-07-11
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.
5 CVE-2004-2255 Dir. Trav. 2004-12-31 2017-07-11
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
6 CVE-2004-2184 Dir. Trav. 2004-12-31 2017-07-11
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.
7 CVE-2004-1783 Dir. Trav. 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
8 CVE-2004-1670 Dir. Trav. 2004-09-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.
9 CVE-2004-1601 Dir. Trav. 2004-10-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.
10 CVE-2004-1583 Dir. Trav. 2004-12-31 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT.
11 CVE-2004-1505 Exec Code Dir. Trav. 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter.
12 CVE-2004-1364 22 Dir. Trav. 2004-08-04 2018-10-19
8.5
None Remote Medium ??? Complete Complete Complete
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
13 CVE-2004-0847 22 Dir. Trav. Bypass 2004-11-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
14 CVE-2004-0792 Dir. Trav. 2004-10-20 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
15 CVE-2004-0676 Dir. Trav. 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
16 CVE-2004-0486 Exec Code Dir. Trav. 2004-07-07 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
17 CVE-2004-0344 Dir. Trav. 2004-11-23 2016-10-18
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
18 CVE-2004-0273 22 Dir. Trav. 2004-11-23 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
19 CVE-2004-0235 Dir. Trav. 2004-08-18 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
20 CVE-2004-0204 Dir. Trav. 2004-08-06 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
21 CVE-2004-0127 Dir. Trav. 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.
22 CVE-2003-1041 Dir. Trav. 2004-06-14 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
23 CVE-2003-1022 Dir. Trav. 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory.
24 CVE-2003-0594 Dir. Trav. Bypass 2004-04-15 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
25 CVE-2003-0593 Dir. Trav. Bypass 2004-04-15 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
26 CVE-2003-0592 Dir. Trav. Bypass 2004-04-15 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
27 CVE-2003-0514 Dir. Trav. Bypass 2004-04-15 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
28 CVE-2003-0513 Dir. Trav. Bypass 2004-04-15 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Total number of vulnerabilities : 28   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.