Total
7863 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47747 | 1 Uber | 1 Kraken | 2025-04-03 | 7.5 High |
| kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs. | ||||
| CVE-2025-25371 | 1 Nasa | 1 Cfs | 2025-04-03 | 7.5 High |
| NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | ||||
| CVE-2022-46639 | 1 Correos | 1 Correos | 2025-04-03 | 7.5 High |
| A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. | ||||
| CVE-2022-46959 | 1 Sonic Project | 1 Sonic | 2025-04-03 | 4.3 Medium |
| An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal. | ||||
| CVE-2022-25377 | 1 Appwrite | 1 Appwrite | 2025-04-03 | 7.5 High |
| The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.) | ||||
| CVE-2003-1349 | 1 Thomas Krebs | 1 Niteserver Ftpd | 2025-04-03 | N/A |
| Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command. | ||||
| CVE-2001-0054 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. | ||||
| CVE-2004-1354 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack. | ||||
| CVE-2003-1545 | 2 Nukestyles, Phpnuke | 2 Viewpage, Nukestyles Viewpage Module | 2025-04-03 | N/A |
| Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. | ||||
| CVE-2006-3934 | 1 Alkacon | 1 Opencms | 2025-04-03 | N/A |
| Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. | ||||
| CVE-2005-3347 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346. | ||||
| CVE-2006-2758 | 1 Jetty | 1 Jetty | 2025-04-03 | 5.3 Medium |
| Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747. | ||||
| CVE-2003-1529 | 1 Seagull Software Systems | 1 J Walk Application Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. | ||||
| CVE-2006-0931 | 1 Pear | 1 Pear Archive Tar | 2025-04-03 | N/A |
| Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | ||||
| CVE-2001-1432 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | N/A |
| Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2005-2033 | 1 Blue-collar Productions | 1 I-gallery | 2025-04-03 | N/A |
| Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter. | ||||
| CVE-2003-1345 | 1 Follett Software | 1 Webcollection Plus | 2025-04-03 | N/A |
| Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter. | ||||
| CVE-2005-3548 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | N/A |
| Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field. | ||||
| CVE-2005-1080 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2025-04-03 | N/A |
| Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. | ||||
| CVE-2002-2351 | 1 Qualcomm | 1 Eudora | 2025-04-03 | N/A |
| Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). | ||||