Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2686 | 1 Sun | 2 Solaris, Sunos | 2024-11-20 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. | |||||
| CVE-2004-1991 | 1 Aldostools | 1 Aldo\'s Web Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2004-1927 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter. | |||||
| CVE-2004-1444 | 1 Roundup-tracker | 1 Roundup | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | |||||
| CVE-2004-1364 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-11-20 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. | |||||
| CVE-2004-1354 | 1 Sun | 2 Solaris, Sunos | 2024-11-20 | 5.0 MEDIUM | N/A |
| The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack. | |||||
| CVE-2004-0847 | 1 Microsoft | 1 Asp.net | 2024-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | |||||
| CVE-2004-0273 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2024-11-20 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | |||||
| CVE-2004-0175 | 1 Openbsd | 1 Openssh | 2024-11-20 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. | |||||
| CVE-2003-1545 | 2 Nukestyles, Phpnuke | 2 Viewpage, Nukestyles Viewpage Module | 2024-11-20 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. | |||||
| CVE-2003-1542 | 1 Ondrej Jombik | 1 Phpwebfilemanager | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter. | |||||
| CVE-2003-1537 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. | |||||
| CVE-2003-1529 | 1 Seagull Software Systems | 1 J Walk Application Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. | |||||
| CVE-2003-1501 | 1 Gast Arbeiter | 1 Gast Arbeiter | 2024-11-20 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter. | |||||
| CVE-2003-1499 | 1 Bytehoard | 1 Bytehoard | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter. | |||||
| CVE-2003-1465 | 1 Phorum | 1 Phorum | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. | |||||
| CVE-2003-1430 | 3 Epic Games, Linux, Microsoft | 3 Unreal Engine, Linux Kernel, All Windows | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. | |||||
| CVE-2003-1427 | 1 Netgear | 1 Fm114p | 2024-11-20 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. | |||||
| CVE-2003-1414 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter. | |||||
| CVE-2003-1413 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. | |||||