Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Directory Traversal CVEs published in 2002. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2002-2416 | Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request. | 5.0 | 6.03% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2410 | openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. | 5.0 | 1.31% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2409 | Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID. | 3.5 | 0.71% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2403 | Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences. | 5.0 | 2.67% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2399 | Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 6.4 | 2.37% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2387 | Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. | 5.0 | 1.54% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2382 | cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out. | 7.2 | 0.31% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2380 | NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. | 6.4 | 10.94% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2375 | Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. | 5.0 | 1.53% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2374 | Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | 10.0 | 1.16% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2369 | Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. | 5.0 | 1.22% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2351 | Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). | 6.4 | 2.65% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2349 | phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. | 5.0 | 2.49% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2346 | phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. | 5.0 | 1.39% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2342 | Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files. | 5.0 | 1.01% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2323 | Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | 7.5 | 2.21% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2317 | Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. | 7.8 | 1.68% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2292 | Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095. | 5.0 | 1.54% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2289 | soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. | 5.0 | 1.36% | 2002-12-31 | 2026-06-16 |
| CVE-2002-2288 | Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. | 5.0 | 2.01% | 2002-12-31 | 2026-06-16 |