Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
Max CVSS
10.0
EPSS Score
2.80%
Published
2004-08-06
Updated
2017-07-11
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
Max CVSS
9.8
EPSS Score
93.98%
Published
2004-11-03
Updated
2018-10-12
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
Max CVSS
9.3
EPSS Score
0.55%
Published
2004-11-23
Updated
2017-10-10
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
Max CVSS
8.5
EPSS Score
1.70%
Published
2004-08-04
Updated
2018-10-19
Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
Max CVSS
7.8
EPSS Score
1.03%
Published
2004-12-31
Updated
2018-10-19
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
Max CVSS
7.6
EPSS Score
2.78%
Published
2004-07-07
Updated
2017-07-11
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Max CVSS
7.5
EPSS Score
1.22%
Published
2004-04-15
Updated
2021-07-23
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Max CVSS
7.5
EPSS Score
3.69%
Published
2004-04-15
Updated
2008-09-05
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Max CVSS
7.5
EPSS Score
1.06%
Published
2004-04-15
Updated
2017-10-11
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Max CVSS
7.5
EPSS Score
0.75%
Published
2004-04-15
Updated
2022-03-01
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Max CVSS
7.5
EPSS Score
1.04%
Published
2004-04-15
Updated
2017-10-11
Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory.
Max CVSS
7.5
EPSS Score
1.60%
Published
2004-01-20
Updated
2017-10-10
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
Max CVSS
7.5
EPSS Score
44.28%
Published
2004-06-14
Updated
2021-07-23
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.
Max CVSS
7.5
EPSS Score
1.81%
Published
2004-03-03
Updated
2017-07-11
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
Max CVSS
7.5
EPSS Score
96.55%
Published
2004-08-06
Updated
2018-10-12
Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter.
Max CVSS
7.5
EPSS Score
1.38%
Published
2004-12-31
Updated
2017-07-11
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.
Max CVSS
7.5
EPSS Score
2.85%
Published
2004-10-16
Updated
2017-07-11
Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.
Max CVSS
7.5
EPSS Score
0.61%
Published
2004-09-10
Updated
2017-07-11
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
Max CVSS
7.5
EPSS Score
8.15%
Published
2004-12-31
Updated
2008-09-05
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-31
Updated
2018-10-30
Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.
Max CVSS
6.8
EPSS Score
0.26%
Published
2004-12-31
Updated
2017-07-29
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
Max CVSS
6.4
EPSS Score
0.64%
Published
2004-08-18
Updated
2017-10-11
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
Max CVSS
6.4
EPSS Score
0.81%
Published
2004-11-23
Updated
2016-10-18
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
Max CVSS
6.4
EPSS Score
0.57%
Published
2004-10-20
Updated
2017-10-11
Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT.
Max CVSS
6.4
EPSS Score
0.24%
Published
2004-12-31
Updated
2017-07-19
113 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!