Security Vulnerabilities, CVEs, Published In September 2004 (Directory traversal)
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
Max CVSS
2.6
EPSS Score
0.36%
Published
2004-09-29
Updated
2017-11-16
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
Max CVSS
5.0
EPSS Score
1.85%
Published
2004-09-13
Updated
2017-07-11
Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.
Max CVSS
7.5
EPSS Score
0.61%
Published
2004-09-10
Updated
2017-07-11
3 vulnerabilities found