Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-03-09 | CVE-2006-1095 | Path Traversal vulnerability in Apache MOD Python 3.2.7 | Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | 7.2 |
2006-03-03 | CVE-2006-0976 | Path Traversal vulnerability in Spid 1.3.1 | Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter. | 5.0 |
2006-02-28 | CVE-2006-0931 | Path Traversal vulnerability in Pear Archive TAR | Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | 5.0 |
2006-02-24 | CVE-2006-0871 | Path Traversal vulnerability in Mambo 4.5.3H | Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. | 6.4 |
2006-02-19 | CVE-2006-0795 | Path Traversal vulnerability in Thomastsoi Quirex 2.0 | Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables. | 5.0 |
2006-01-26 | CVE-2006-0434 | Path Traversal vulnerability in PHPxplorer | Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. | 5.0 |
2006-01-16 | CVE-2006-0223 | Path Traversal vulnerability in Topcmm Computing 123 Flash Chat Server 5.0/5.1 | Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field. | 5.0 |
2005-12-31 | CVE-2005-4600 | Path Traversal vulnerability in Moxiecode Tinymce Compressor PHP | Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter. | 6.4 |
2005-12-31 | CVE-2005-2619 | Path Traversal vulnerability in multiple products | Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. | 9.3 |
2005-12-31 | CVE-2005-1918 | Path Traversal vulnerability in multiple products | The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | 2.6 |