CVE List by Type: Directory Traversal (Filtered by Published Year)

Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing Directory Traversal CVEs published in 2002. View full CVE list

Showing 120 of 38 results
«« First « Prev Page 1 / 2 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2002-2416 Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request. 5.0 6.03% 2002-12-31 2026-06-16
CVE-2002-2410 openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information. 5.0 1.31% 2002-12-31 2026-06-16
CVE-2002-2409 Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID. 3.5 0.71% 2002-12-31 2026-06-16
CVE-2002-2403 Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences. 5.0 2.67% 2002-12-31 2026-06-16
CVE-2002-2399 Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. 6.4 2.37% 2002-12-31 2026-06-16
CVE-2002-2387 Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. 5.0 1.54% 2002-12-31 2026-06-16
CVE-2002-2382 cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out. 7.2 0.31% 2002-12-31 2026-06-16
CVE-2002-2380 NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. 6.4 10.94% 2002-12-31 2026-06-16
CVE-2002-2375 Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. 5.0 1.53% 2002-12-31 2026-06-16
CVE-2002-2374 Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." 10.0 1.16% 2002-12-31 2026-06-16
CVE-2002-2369 Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. 5.0 1.22% 2002-12-31 2026-06-16
CVE-2002-2351 Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). 6.4 2.65% 2002-12-31 2026-06-16
CVE-2002-2349 phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. 5.0 2.49% 2002-12-31 2026-06-16
CVE-2002-2346 phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. 5.0 1.39% 2002-12-31 2026-06-16
CVE-2002-2342 Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.dat and (4) banmat.pwd data files under the web document root with insufficient access control, which allows attackers to obtain sensitive information via a direct request for the files. 5.0 1.01% 2002-12-31 2026-06-16
CVE-2002-2323 Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. 7.5 2.21% 2002-12-31 2026-06-16
CVE-2002-2317 Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. 7.8 1.68% 2002-12-31 2026-06-16
CVE-2002-2292 Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095. 5.0 1.54% 2002-12-31 2026-06-16
CVE-2002-2289 soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. 5.0 1.36% 2002-12-31 2026-06-16
CVE-2002-2288 Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. 5.0 2.01% 2002-12-31 2026-06-16
«« First « Prev Page 1 / 2 Next »
cvelogic Threat Intelligence