CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004(Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2004-1859 Dir. Trav. 2004-03-24 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
52 CVE-2004-1857 Dir. Trav. 2004-03-24 2017-07-11
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
53 CVE-2004-1838 Dir. Trav. 2004-03-22 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL.
54 CVE-2004-1814 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request, as demonstrated using home.asp.
55 CVE-2004-1801 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in PWebServer 0.3.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
56 CVE-2004-1783 Dir. Trav. 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
57 CVE-2004-1742 Dir. Trav. 2004-08-24 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
58 CVE-2004-1733 Dir. Trav. 2004-08-20 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.
59 CVE-2004-1715 Dir. Trav. 2004-08-11 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
60 CVE-2004-1679 Dir. Trav. 2004-08-04 2017-07-19
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
61 CVE-2004-1678 Dir. Trav. 2004-09-13 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
62 CVE-2004-1670 Dir. Trav. 2004-09-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.
63 CVE-2004-1646 Dir. Trav. 2004-08-30 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
64 CVE-2004-1612 Dir. Trav. 2004-10-18 2017-07-11
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
65 CVE-2004-1601 Dir. Trav. 2004-10-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.
66 CVE-2004-1583 Dir. Trav. 2004-12-31 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT.
67 CVE-2004-1568 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL.
68 CVE-2004-1548 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename.
69 CVE-2004-1543 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
70 CVE-2004-1505 Exec Code Dir. Trav. 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter.
71 CVE-2004-1496 Dir. Trav. 2004-12-31 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash).
72 CVE-2004-1444 22 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
73 CVE-2004-1426 Dir. Trav. 2004-12-31 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter.
74 CVE-2004-1425 Dir. Trav. 2004-12-31 2020-12-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
75 CVE-2004-1407 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in singapore Image Gallery Web Application 0.9.10 allow remote attackers to (1) read arbitrary files via the showThumb method for thumb.php, or (2) delete arbitrary files via admin.class.php.
76 CVE-2004-1399 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename.
77 CVE-2004-1376 Dir. Trav. 2004-12-30 2021-07-23
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
78 CVE-2004-1364 22 Dir. Trav. 2004-08-04 2018-10-19
8.5
None Remote Medium ??? Complete Complete Complete
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
79 CVE-2004-1354 22 Dir. Trav. +Info 2004-05-14 2018-10-30
5.0
None Remote Low Not required Partial None None
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
80 CVE-2004-0847 22 Dir. Trav. Bypass 2004-11-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
81 CVE-2004-0792 Dir. Trav. 2004-10-20 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
82 CVE-2004-0676 Dir. Trav. 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
83 CVE-2004-0664 Dir. Trav. 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter.
84 CVE-2004-0486 Exec Code Dir. Trav. 2004-07-07 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
85 CVE-2004-0465 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.
86 CVE-2004-0349 Dir. Trav. 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL.
87 CVE-2004-0344 Dir. Trav. 2004-11-23 2016-10-18
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
88 CVE-2004-0327 Dir. Trav. 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
89 CVE-2004-0302 Dir. Trav. 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
90 CVE-2004-0293 Dir. Trav. 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
91 CVE-2004-0273 22 Dir. Trav. 2004-11-23 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
92 CVE-2004-0240 Dir. Trav. 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.
93 CVE-2004-0237 Dir. Trav. 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.
94 CVE-2004-0235 Dir. Trav. 2004-08-18 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
95 CVE-2004-0233 Dir. Trav. 2004-08-18 2017-10-11
2.1
None Local Low Not required None Partial None
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
96 CVE-2004-0204 Dir. Trav. 2004-08-06 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
97 CVE-2004-0175 22 Dir. Trav. 2004-08-18 2017-10-11
4.3
None Remote Medium Not required None Partial None
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
98 CVE-2004-0173 Dir. Trav. 2004-04-15 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
99 CVE-2004-0129 Dir. Trav. 2004-03-03 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
100 CVE-2004-0127 Dir. Trav. 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.
Total number of vulnerabilities : 111   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.