Total
7187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3548 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field. | |||||
| CVE-2002-2292 | 1 Halycon Software | 1 Iasp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095. | |||||
| CVE-2006-1746 | 1 Tincan | 1 Phplist | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. | |||||
| CVE-2006-0931 | 1 Pear | 1 Pear Archive Tar | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | |||||
| CVE-2004-1991 | 1 Aldostools | 1 Aldo\'s Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2003-1542 | 1 Ondrej Jombik | 1 Phpwebfilemanager | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter. | |||||
| CVE-2002-2387 | 1 Mollensoft Software | 1 Hyperion Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. | |||||
| CVE-2003-1427 | 1 Netgear | 1 Fm114p | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. | |||||
| CVE-2003-1413 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. | |||||
| CVE-2003-1537 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. | |||||
| CVE-2006-4013 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | 7.6 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. | |||||
| CVE-2005-2378 | 1 Oracle | 1 Reports | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU. | |||||
| CVE-2006-0871 | 1 Mambo | 1 Mambo | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector. | |||||
| CVE-2006-2758 | 1 Jetty | 1 Jetty | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747. | |||||
| CVE-2004-2750 | 1 Jbrowser | 1 Jbrowser | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2003-1465 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. | |||||
| CVE-2004-0273 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2025-04-03 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | |||||
| CVE-2021-21972 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-04-02 | 10.0 HIGH | 9.8 CRITICAL |
| The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | |||||
| CVE-2020-5902 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2025-04-02 | 10.0 HIGH | 9.8 CRITICAL |
| In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | |||||
| CVE-2021-22005 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. | |||||