Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Directory Traversal CVEs published in 2004. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2004-2750 | Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 5.0 | 6.17% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2749 | Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error. | 4.3 | 2.30% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2748 | viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | 4.3 | 4.81% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2747 | Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not. | 4.0 | 1.24% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2745 | Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | 7.8 | 2.80% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2717 | Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters. | 2.6 | 2.40% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2686 | Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. | 7.2 | 1.17% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2473 | wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 1.2 | 0.35% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2320 | The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | 5.3 | 2.56% | 2004-12-31 | 2026-06-16 |
| CVE-2004-1901 | Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. | 5.5 | 0.37% | 2004-12-31 | 2026-06-16 |
| CVE-2004-1444 | Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | 5.0 | 8.79% | 2004-12-31 | 2026-06-16 |
| CVE-2004-0273 | Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | 9.3 | 4.02% | 2004-11-23 | 2026-06-16 |
| CVE-2004-0847 | The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | 9.8 | 75.70% | 2004-11-03 | 2026-06-16 |
| CVE-2004-1603 | cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | 5.5 | 1.64% | 2004-10-18 | 2026-06-16 |
| CVE-2004-0689 | KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. | 7.1 | 0.43% | 2004-09-28 | 2026-06-16 |
| CVE-2004-0175 | Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. | 4.3 | 1.82% | 2004-08-18 | 2026-06-16 |
| CVE-2004-1367 | Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | 4.4 | 7.27% | 2004-08-04 | 2026-06-16 |
| CVE-2004-1364 | Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. | 8.5 | 13.78% | 2004-08-04 | 2026-06-16 |
| CVE-2004-1354 | The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack. | 5.0 | 4.24% | 2004-05-14 | 2026-06-16 |
| CVE-2004-1991 | Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. | 5.0 | 2.93% | 2004-05-03 | 2026-06-16 |