| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. |
| Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request. |
| Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences. |
| Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. |
| Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). |
| Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095. |
| Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. |
| Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not. |
| Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists. |
| Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters. |
| Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request. |
| Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request. |
| Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/..@/..". |
| Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. |
| Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. |
| Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable. |
| An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file. |
