Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
Max CVSS
5.0
EPSS Score
0.88%
Published
2001-02-16
Updated
2020-07-28
Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter.
Max CVSS
5.0
EPSS Score
19.33%
Published
2001-10-18
Updated
2016-05-25
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
Max CVSS
5.0
EPSS Score
94.79%
Published
2001-03-12
Updated
2021-07-06
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.
Max CVSS
5.0
EPSS Score
0.87%
Published
2001-12-30
Updated
2016-10-18
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Max CVSS
7.8
EPSS Score
1.28%
Published
2001-12-29
Updated
2017-07-11
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
Max CVSS
10.0
EPSS Score
1.08%
Published
2010-02-12
Updated
2017-08-17
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
Max CVSS
5.0
EPSS Score
8.03%
Published
2002-12-31
Updated
2020-03-26
Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request.
Max CVSS
5.0
EPSS Score
0.20%
Published
2002-12-31
Updated
2008-09-05
Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/..@/..".
Max CVSS
8.3
EPSS Score
0.29%
Published
2002-12-31
Updated
2017-07-29
Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request.
Max CVSS
5.0
EPSS Score
0.44%
Published
2002-12-31
Updated
2017-07-29
Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request.
Max CVSS
5.0
EPSS Score
0.34%
Published
2002-12-31
Updated
2017-07-29
Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters.
Max CVSS
5.0
EPSS Score
0.44%
Published
2002-12-31
Updated
2017-07-29
Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Max CVSS
9.4
EPSS Score
0.32%
Published
2002-12-31
Updated
2017-07-29
Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095.
Max CVSS
5.0
EPSS Score
0.30%
Published
2002-12-31
Updated
2017-07-29
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot).
Max CVSS
6.4
EPSS Score
1.97%
Published
2002-12-31
Updated
2008-09-05
Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information.
Max CVSS
5.0
EPSS Score
0.23%
Published
2002-12-31
Updated
2008-09-05
Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command.
Max CVSS
5.0
EPSS Score
0.24%
Published
2002-12-31
Updated
2008-09-05
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Max CVSS
6.4
EPSS Score
3.34%
Published
2002-12-31
Updated
2008-09-05
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
Max CVSS
5.0
EPSS Score
2.72%
Published
2002-12-31
Updated
2008-09-05
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.
Max CVSS
5.0
EPSS Score
0.33%
Published
2002-12-31
Updated
2008-09-05
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Max CVSS
7.5
EPSS Score
0.75%
Published
2004-04-15
Updated
2022-03-01
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
Max CVSS
5.0
EPSS Score
0.21%
Published
2003-12-31
Updated
2010-06-23
Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter.
Max CVSS
5.0
EPSS Score
0.30%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command.
Max CVSS
5.0
EPSS Score
0.46%
Published
2003-12-31
Updated
2017-07-29
Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter.
Max CVSS
5.0
EPSS Score
0.49%
Published
2003-12-31
Updated
2017-07-29
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!