Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Directory Traversal CVEs published in 2003. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2003-1561 | Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | 4.3 | 0.97% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1560 | Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | 5.0 | 1.06% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1559 | Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | 5.0 | 15.80% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1555 | ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message. | 5.0 | 3.11% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1553 | Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. | 4.3 | 2.10% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1550 | XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message. | 5.0 | 2.89% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1548 | MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message. | 5.0 | 6.96% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1545 | Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. | 5.0 | 3.60% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1542 | Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter. | 5.0 | 1.54% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1540 | WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt. | 5.0 | 3.23% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1537 | Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. | 5.0 | 1.34% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1535 | Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. | 5.0 | 2.37% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1529 | Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. | 5.0 | 1.84% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1528 | nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file. | 7.2 | 0.40% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1526 | PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. | 5.0 | 0.97% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1517 | cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message. | 5.0 | 2.00% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1501 | Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter. | 6.4 | 2.50% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1499 | Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter. | 5.0 | 2.83% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1492 | Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | 5.0 | 1.20% | 2003-12-31 | 2026-06-16 |
| CVE-2003-1486 | Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | 5.0 | 1.19% | 2003-12-31 | 2026-06-16 |