CVE List by Type: Directory Traversal (Filtered by Published Year)

Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing Directory Traversal CVEs published in 2003. View full CVE list

Showing 120 of 48 results
«« First « Prev Page 1 / 3 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2003-1561 Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. 4.3 0.97% 2003-12-31 2026-06-16
CVE-2003-1560 Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. 5.0 1.06% 2003-12-31 2026-06-16
CVE-2003-1559 Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. 5.0 15.80% 2003-12-31 2026-06-16
CVE-2003-1555 ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message. 5.0 3.11% 2003-12-31 2026-06-16
CVE-2003-1553 Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. 4.3 2.10% 2003-12-31 2026-06-16
CVE-2003-1550 XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message. 5.0 2.89% 2003-12-31 2026-06-16
CVE-2003-1548 MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message. 5.0 6.96% 2003-12-31 2026-06-16
CVE-2003-1545 Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. 5.0 3.60% 2003-12-31 2026-06-16
CVE-2003-1542 Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter. 5.0 1.54% 2003-12-31 2026-06-16
CVE-2003-1540 WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt. 5.0 3.23% 2003-12-31 2026-06-16
CVE-2003-1537 Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. 5.0 1.34% 2003-12-31 2026-06-16
CVE-2003-1535 Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. 5.0 2.37% 2003-12-31 2026-06-16
CVE-2003-1529 Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. 5.0 1.84% 2003-12-31 2026-06-16
CVE-2003-1528 nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file. 7.2 0.40% 2003-12-31 2026-06-16
CVE-2003-1526 PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. 5.0 0.97% 2003-12-31 2026-06-16
CVE-2003-1517 cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message. 5.0 2.00% 2003-12-31 2026-06-16
CVE-2003-1501 Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter. 6.4 2.50% 2003-12-31 2026-06-16
CVE-2003-1499 Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter. 5.0 2.83% 2003-12-31 2026-06-16
CVE-2003-1492 Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. 5.0 1.20% 2003-12-31 2026-06-16
CVE-2003-1486 Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. 5.0 1.19% 2003-12-31 2026-06-16
«« First « Prev Page 1 / 3 Next »
cvelogic Threat Intelligence