Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-0497

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-10 Feb, 2009 | 01:00
Updated At-07 Aug, 2024 | 04:40
Rejected At-
Credits

Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:10 Feb, 2009 | 01:00
Updated At:07 Aug, 2024 | 04:40
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugs.gentoo.org/show_bug.cgi?id=257585
x_refsource_MISC
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp
x_refsource_MISC
http://secunia.com/advisories/33452
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/32945
vdb-entry
x_refsource_BID
http://www.securityfocus.com/archive/1/499880/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/47806
vdb-entry
x_refsource_XF
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
x_refsource_MISC
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=257585
Resource:
x_refsource_MISC
Hyperlink: http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/33452
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/32945
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securityfocus.com/archive/1/499880/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47806
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugs.gentoo.org/show_bug.cgi?id=257585
x_refsource_MISC
x_transferred
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp
x_refsource_MISC
x_transferred
http://secunia.com/advisories/33452
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/32945
vdb-entry
x_refsource_BID
x_transferred
http://www.securityfocus.com/archive/1/499880/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/47806
vdb-entry
x_refsource_XF
x_transferred
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
x_refsource_MISC
x_transferred
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=257585
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/33452
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/32945
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/499880/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47806
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Feb, 2009 | 01:30
Updated At:11 Oct, 2018 | 21:01

Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
igniterealtime
igniterealtime
>>openfire>>3.6.2
cpe:2.3:a:igniterealtime:openfire:3.6.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/33452cve@mitre.org
Vendor Advisory
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jspcve@mitre.org
Exploit
http://www.coresecurity.com/content/openfire-multiple-vulnerabilitiescve@mitre.org
N/A
http://www.securityfocus.com/archive/1/499880/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/32945cve@mitre.org
N/A
https://bugs.gentoo.org/show_bug.cgi?id=257585cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/47806cve@mitre.org
N/A
Hyperlink: http://secunia.com/advisories/33452
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/499880/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/32945
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=257585
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47806
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1394Records found
CVE-2008-1221
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.28% / 89.80%
||
7 Day CHG~0.00%
Published-10 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

Action-Not Available
Vendor-microworld_technologiesn/a
Product-escanescan_management_consoleescan_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1145
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-59.85% / 98.22%
||
7 Day CHG~0.00%
Published-04 Mar, 2008 | 23:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.

Action-Not Available
Vendor-n/aFedora ProjectRuby
Product-fedorarubywebrickn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.51% / 88.91%
||
7 Day CHG~0.00%
Published-20 Mar, 2008 | 10:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the URI.

Action-Not Available
Vendor-mg-softn/a
Product-net_inspectorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7741
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-1.05% / 77.21%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 20:00
Updated-21 Aug, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wanglongcn ltcms API Endpoint downloadfile downloadFile path traversal

A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-ltcmswanglongcnwanglongcn
Product-ltcmsltcmsltcms
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.51% / 88.91%
||
7 Day CHG~0.00%
Published-11 Apr, 2008 | 19:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.

Action-Not Available
Vendor-arwscriptsn/a
Product-gallery_script_liten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.18% / 38.95%
||
7 Day CHG~0.00%
Published-02 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-perlbaln/a
Product-perlbaln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1643
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.38%
||
7 Day CHG~0.00%
Published-02 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-landesk_softwaren/a
Product-landesk_management_suiten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7924
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-2.44% / 84.90%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 18:00
Updated-21 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZZCMS list.php path traversal

A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-zzcmsn/azzcms
Product-zzcmsZZCMSzzcms
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.65% / 70.40%
||
7 Day CHG~0.00%
Published-02 Jun, 2008 | 14:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1125
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.99% / 88.17%
||
7 Day CHG~0.00%
Published-03 Mar, 2008 | 22:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php.

Action-Not Available
Vendor-podcast_generatorn/a
Product-podcast_generatorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5410
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-94.32% / 99.95%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 16:50
Updated-03 Nov, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.
Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_cloud_configSpring Cloud ConfigSpring Cloud Configuration (Config) Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2014-7174
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-01 Jun, 2020 | 16:42
Updated-06 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.

Action-Not Available
Vendor-farsiten/a
Product-farlinx_x25_gatewayfarlinx_x25_gateway_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.18% / 38.95%
||
7 Day CHG~0.00%
Published-18 Apr, 2008 | 15:00
Updated-07 Aug, 2024 | 08:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to read arbitrary files via directory traversal sequences in the wiki parameter, a different vector than CVE-2006-4418.

Action-Not Available
Vendor-wikepagen/a
Product-opusn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.10% / 26.59%
||
7 Day CHG~0.00%
Published-17 Mar, 2008 | 16:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the _SearchTemplate parameter during a Title search.

Action-Not Available
Vendor-hangzhou_network_technology_developmentn/a
Product-ediorcmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-5350
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.21% / 91.44%
||
7 Day CHG~0.00%
Published-19 Aug, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.

Action-Not Available
Vendor-n/aBitdefender
Product-gravityzonen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0542
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.82% / 87.89%
||
7 Day CHG~0.00%
Published-01 Feb, 2008 | 19:41
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Action-Not Available
Vendor-gerd_tentlern/a
Product-simple_forumn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0790
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.45% / 92.65%
||
7 Day CHG~0.00%
Published-15 Feb, 2008 | 01:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Action-Not Available
Vendor-intermaten/a
Product-winipdsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-1589
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.11% / 83.80%
||
7 Day CHG~0.00%
Published-29 Apr, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

Action-Not Available
Vendor-mojoliciousn/a
Product-mojoliciousn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0797
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.40% / 59.86%
||
7 Day CHG~0.00%
Published-15 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter.

Action-Not Available
Vendor-itheoran/a
Product-itheoran/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0431
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.65% / 89.09%
||
7 Day CHG~0.00%
Published-23 Jan, 2008 | 21:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.

Action-Not Available
Vendor-idmosn/a
Product-idmos_cmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0813
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.82% / 87.89%
||
7 Day CHG~0.00%
Published-19 Feb, 2008 | 01:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.

Action-Not Available
Vendor-xpwebn/a
Product-xpwebn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.01% / 88.22%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.

Action-Not Available
Vendor-sflogn/a
Product-sflogn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-86.55% / 99.40%
||
7 Day CHG~0.00%
Published-04 Dec, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_social_it_plusmanageengine_it360manageengine_opmanagern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-2119
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-7.42% / 91.58%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-wbceWBCE Team
Product-wbce_cmsWBCE CMS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0758
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.21% / 43.18%
||
7 Day CHG~0.00%
Published-13 Feb, 2008 | 20:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename.

Action-Not Available
Vendor-group_logicn/a
Product-extremez-ip_print_serverextremez-ip_file_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-5446
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-65.74% / 98.46%
||
7 Day CHG~0.00%
Published-04 Dec, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_netflow_analyzermanageengine_it360n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0782
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.93% / 93.25%
||
7 Day CHG~0.00%
Published-14 Feb, 2008 | 20:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.

Action-Not Available
Vendor-moinmoinn/a
Product-moinmoinn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.14% / 93.32%
||
7 Day CHG~0.00%
Published-29 Jan, 2008 | 19:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.

Action-Not Available
Vendor-web_wizn/a
Product-rich_text_editorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0479
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.14% / 93.32%
||
7 Day CHG~0.00%
Published-29 Jan, 2008 | 19:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.

Action-Not Available
Vendor-web_wizn/a
Product-newspadn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.20% / 84.13%
||
7 Day CHG~0.00%
Published-30 Jan, 2008 | 21:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Action-Not Available
Vendor-clanspheren/a
Product-clanspheren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-77.88% / 98.97%
||
7 Day CHG~0.00%
Published-20 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.

Action-Not Available
Vendor-osclassn/a
Product-osclassn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-12.15% / 93.66%
||
7 Day CHG~0.00%
Published-25 Jan, 2008 | 15:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

Action-Not Available
Vendor-absofortn/a
Product-aconon_mail_enterprise_sqln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-19877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.78%
||
7 Day CHG~0.00%
Published-27 Nov, 2020 | 16:23
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.

Action-Not Available
Vendor-n/aB&R Industrial Automation GmbH
Product-industrial_automation_aproln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-5068
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.84% / 74.42%
||
7 Day CHG~0.00%
Published-11 Jan, 2018 | 16:00
Updated-06 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.

Action-Not Available
Vendor-microsemin/a
Product-s350i_firmwares350in/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-5115
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.19% / 91.42%
||
7 Day CHG~0.00%
Published-29 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.

Action-Not Available
Vendor-dirphp_projectn/a
Product-dirphpn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0480
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.53% / 92.21%
||
7 Day CHG~0.00%
Published-29 Jan, 2008 | 19:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.

Action-Not Available
Vendor-web_wizn/a
Product-web_wiz_forumsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-4306
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.38% / 90.81%
||
7 Day CHG~0.00%
Published-18 Jun, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.

Action-Not Available
Vendor-webtitann/a
Product-webtitann/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0905
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.82% / 87.89%
||
7 Day CHG~0.00%
Published-22 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Action-Not Available
Vendor-meon/a
Product-globsyn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-4937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.39% / 90.82%
||
7 Day CHG~0.00%
Published-11 Jul, 2014 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Action-Not Available
Vendor-bookx_plugin_projectn/a
Product-bookxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0521
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.82% / 87.89%
||
7 Day CHG~0.00%
Published-31 Jan, 2008 | 19:30
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.

Action-Not Available
Vendor-bubbling_libraryn/a
Product-bubbling_libraryn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0068
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-5||MEDIUM
EPSS-58.68% / 98.17%
||
7 Day CHG~0.00%
Published-16 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0435
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.51% / 88.91%
||
7 Day CHG~0.00%
Published-23 Jan, 2008 | 21:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.

Action-Not Available
Vendor-ozjournalsn/a
Product-ozjournalsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.20% / 84.13%
||
7 Day CHG~0.00%
Published-04 Feb, 2008 | 22:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.

Action-Not Available
Vendor-nilsons_bloggern/a
Product-nilsons_bloggern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-5181
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 45.83%
||
7 Day CHG-0.76%
Published-06 Aug, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.

Action-Not Available
Vendor-last.fm_rotation_plugin_projectn/a
Product-lastfm-rotation_pluginn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-18951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-63.60% / 98.37%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 22:38
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.

Action-Not Available
Vendor-sibsoftn/a
Product-xfilesharingn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.62% / 92.26%
||
7 Day CHG~0.00%
Published-25 Jan, 2008 | 15:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.

Action-Not Available
Vendor-seagullproject.orgn/a
Product-seagulln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.28% / 89.80%
||
7 Day CHG~0.00%
Published-13 Feb, 2008 | 20:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483.

Action-Not Available
Vendor-safenetn/a
Product-sentinel_keys_serversentinel_protection_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-2976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.66% / 94.33%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.

Action-Not Available
Vendor-sixnetn/a
Product-sixview_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-18636
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.13%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 12:35
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal.

Action-Not Available
Vendor-esafenetn/a
Product-cdgn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-3975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.67% / 94.10%
||
7 Day CHG~0.00%
Published-05 Jun, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.

Action-Not Available
Vendor-auracmsn/a
Product-auracmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 27
  • 28
  • Next
Details not found