Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2009-12-29 CVE-2009-4449 Path Traversal vulnerability in Mybboard Mybb 1.4.10
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.
network
low complexity
mybboard CWE-22
6.5
2009-12-03 CVE-2009-4194 Path Traversal vulnerability in Kmint21 Golden FTP Server 4.30/4.50
Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a ..
network
low complexity
kmint21 CWE-22
8.1
2009-11-23 CVE-2009-4053 Path Traversal vulnerability in Home FTP Server Project Home FTP Server 1.10.1.139
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request.
network
low complexity
home-ftp-server-project CWE-22
6.5
2009-06-05 CVE-2009-1936 Path Traversal vulnerability in Cpcommerce Project Cpcommerce 1.2.0/1.2.9
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500.
network
low complexity
cpcommerce-project CWE-22
critical
9.8
2009-01-21 CVE-2009-0244 Path Traversal vulnerability in Microsoft Windows Mobile 5.0/6.0
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a ..
network
low complexity
microsoft CWE-22
8.8
2008-12-29 CVE-2008-5748 Path Traversal vulnerability in Bloofox Bloofoxcms 0.3.4
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
network
high complexity
bloofox CWE-22
8.1
2004-11-03 CVE-2004-0847 Path Traversal vulnerability in Microsoft Asp.Net 1.0/1.1
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
network
low complexity
microsoft CWE-22
critical
9.8