Search Results (9608 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1095 1 Apache 1 Mod Python 2026-04-16 N/A
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
CVE-2006-0950 1 Unalz 1 Unalz 2026-04-16 N/A
unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.
CVE-2005-3347 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
CVE-2001-0054 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
CVE-2002-2403 1 Key Focus 1 Kf Web Server 2026-04-16 N/A
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
CVE-2004-2749 1 2wire 1 Homeportal 2026-04-16 N/A
Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error.
CVE-2001-1432 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2005-2619 2 Autonomy, Ibm 4 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 1 more 2026-04-16 N/A
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.
CVE-2004-0847 1 Microsoft 1 Asp.net 2026-04-16 N/A
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
CVE-2006-2516 1 Xoops 1 Xoops 2026-04-16 N/A
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.
CVE-2006-0931 1 Pear 1 Pear Archive Tar 2026-04-16 N/A
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
CVE-2003-1413 1 Apple 2 Darwin Streaming Server, Quicktime Streaming Server 2026-04-16 N/A
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
CVE-2003-1380 1 Bisonftp 1 Bisonftp Server 4 2026-04-16 N/A
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
CVE-2003-1430 3 Epic Games, Linux, Microsoft 3 Unreal Engine, Linux Kernel, All Windows 2026-04-16 N/A
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
CVE-2002-2238 1 Kunani 1 Kunani Odbc Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request.
CVE-2002-2233 1 Mollensoft Software 1 Enceladus Server Suite 2026-04-16 N/A
Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/..@/..".
CVE-2002-2229 1 Sapio Design Ltd 1 Webreflex 2026-04-16 N/A
Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request.
CVE-2002-2240 1 Myserver 1 Myserver 2026-04-16 N/A
Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request.
CVE-2002-2154 1 Monkey-project 1 Monkey 2026-04-16 N/A
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
CVE-2001-1205 1 Matrixs Cgi Vault 1 Last Lines 2026-04-16 N/A
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.