Directory Traversal に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2002 年に公開され、Directory Traversal に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2002-2416 | Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request. | 5.0 | 6.03% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2410 | openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. | 5.0 | 1.31% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2409 | Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID. | 3.5 | 0.71% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2403 | Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences. | 5.0 | 2.67% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2399 | Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 6.4 | 2.37% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2387 | Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. | 5.0 | 1.54% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2382 | cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out. | 7.2 | 0.31% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2380 | NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. | 6.4 | 10.94% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2375 | Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. | 5.0 | 1.53% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2374 | Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | 10.0 | 1.16% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2369 | Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. | 5.0 | 1.22% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2351 | Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). | 6.4 | 2.65% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2349 | phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. | 5.0 | 2.49% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2346 | phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. | 5.0 | 1.39% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2342 | Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files. | 5.0 | 1.01% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2323 | Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | 7.5 | 2.21% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2317 | Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. | 7.8 | 1.68% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2292 | Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095. | 5.0 | 1.54% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2289 | soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. | 5.0 | 1.36% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2288 | Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. | 5.0 | 2.01% | 2002-12-31 | 2026-06-16 |