Export limit exceeded: 364396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9607 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1545 2 Nukestyles, Phpnuke 2 Viewpage, Nukestyles Viewpage Module 2026-04-16 N/A
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.
CVE-2004-0847 1 Microsoft 1 Asp.net 2026-04-16 N/A
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
CVE-2004-1354 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
CVE-2004-1364 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2026-04-16 N/A
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
CVE-2004-1444 1 Roundup-tracker 1 Roundup 2026-04-16 N/A
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
CVE-2005-0253 1 Guillaumegardey 1 Biborb 2026-04-16 N/A
Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.
CVE-2005-0372 2 Gnome, Redhat 2 Gtk, Enterprise Linux 2026-04-16 N/A
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
CVE-2005-1080 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2026-04-16 N/A
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
CVE-2005-1813 1 Futuresoft 1 Tftp Server 2000 2026-04-16 N/A
Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences.
CVE-2005-1918 2 Gnu, Redhat 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more 2026-04-16 N/A
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
CVE-2005-2033 1 Blue-collar Productions 1 I-gallery 2026-04-16 N/A
Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter.
CVE-2005-2619 2 Autonomy, Ibm 4 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 1 more 2026-04-16 N/A
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.
CVE-2005-2792 1 Phpldapadmin Project 1 Phpldapadmin 2026-04-16 N/A
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.
CVE-2005-3347 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
CVE-2005-3355 1 Gnu 1 Gnump3d 2026-04-16 N/A
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
CVE-2006-0795 1 Thomastsoi 1 Quirex 2026-04-16 N/A
Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables.
CVE-2006-0871 1 Mambo 1 Mambo 2026-04-16 N/A
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.
CVE-2006-0931 1 Pear 1 Pear Archive Tar 2026-04-16 N/A
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
CVE-2006-0950 1 Unalz 1 Unalz 2026-04-16 N/A
unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.
CVE-2006-0976 1 Spid 1 Spid 2026-04-16 N/A
Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter.