Security Vulnerabilities, CVEs, Published In November 2005 (Directory traversal)
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.
Max CVSS
5.0
EPSS Score
2.75%
Published
2005-11-30
Updated
2018-10-19
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
Max CVSS
6.4
EPSS Score
1.98%
Published
2005-11-30
Updated
2018-10-19
merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.
Max CVSS
5.0
EPSS Score
0.18%
Published
2005-11-30
Updated
2009-10-09
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.
Max CVSS
6.4
EPSS Score
1.36%
Published
2005-11-29
Updated
2011-03-08
index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability.
Max CVSS
5.0
EPSS Score
0.39%
Published
2005-11-26
Updated
2011-03-08
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.
Max CVSS
6.4
EPSS Score
1.17%
Published
2005-11-26
Updated
2018-10-19
Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.
Max CVSS
5.0
EPSS Score
18.55%
Published
2005-11-25
Updated
2017-07-11
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.
Max CVSS
5.0
EPSS Score
1.27%
Published
2005-11-24
Updated
2016-10-18
Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
Max CVSS
5.0
EPSS Score
0.60%
Published
2005-11-22
Updated
2008-09-05
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
Max CVSS
5.0
EPSS Score
1.93%
Published
2005-11-22
Updated
2018-10-19
Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename commands.
Max CVSS
5.0
EPSS Score
1.85%
Published
2005-11-19
Updated
2011-03-08
Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.
Max CVSS
6.4
EPSS Score
0.32%
Published
2005-11-18
Updated
2016-10-18
PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability.
Max CVSS
7.5
EPSS Score
9.64%
Published
2005-11-16
Updated
2011-03-08
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
Max CVSS
5.0
EPSS Score
4.32%
Published
2005-11-16
Updated
2018-10-19
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.
Max CVSS
5.0
EPSS Score
1.57%
Published
2005-11-16
Updated
2018-10-19
Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.
Max CVSS
5.0
EPSS Score
1.39%
Published
2005-11-16
Updated
2018-10-19
Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field.
Max CVSS
4.0
EPSS Score
1.43%
Published
2005-11-16
Updated
2018-10-19
Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
Max CVSS
5.0
EPSS Score
6.85%
Published
2005-11-06
Updated
2011-03-08
Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.
Max CVSS
5.0
EPSS Score
0.39%
Published
2005-11-04
Updated
2016-10-18
Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences.
Max CVSS
5.0
EPSS Score
0.80%
Published
2005-11-03
Updated
2016-10-18
Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files.
Max CVSS
5.0
EPSS Score
0.43%
Published
2005-11-02
Updated
2011-03-08
Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files.
Max CVSS
5.0
EPSS Score
0.22%
Published
2005-11-02
Updated
2011-03-08
Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition.
Max CVSS
5.0
EPSS Score
1.37%
Published
2005-11-02
Updated
2017-07-11
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
Max CVSS
6.4
EPSS Score
0.42%
Published
2005-11-18
Updated
2011-10-18
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
Max CVSS
6.8
EPSS Score
1.47%
Published
2005-11-18
Updated
2017-07-11