Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Directory Traversal CVEs published in 2011. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2011-4617 | virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | 1.2 | 0.32% | 2011-12-30 | 2026-06-16 |
| CVE-2011-5028 | Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | 4.0 | 3.52% | 2011-12-29 | 2026-06-16 |
| CVE-2011-4168 | Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | 7.5 | 5.01% | 2011-12-26 | 2026-06-16 |
| CVE-2011-4166 | Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | 7.5 | 61.76% | 2011-12-26 | 2026-06-16 |
| CVE-2011-3837 | Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php. | 6.8 | 1.44% | 2011-12-24 | 2026-06-16 |
| CVE-2011-4596 | Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. | 6.0 | 1.94% | 2011-12-23 | 2026-06-16 |
| CVE-2011-4897 | Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value. | 4.3 | 1.62% | 2011-12-22 | 2026-06-16 |
| CVE-2011-4896 | Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port. | 4.3 | 1.59% | 2011-12-22 | 2026-06-16 |
| CVE-2011-4895 | Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. | 4.3 | 1.62% | 2011-12-22 | 2026-06-16 |
| CVE-2011-4894 | Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | 4.3 | 1.62% | 2011-12-22 | 2026-06-16 |
| CVE-2011-2769 | Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. | 4.3 | 1.20% | 2011-12-22 | 2026-06-16 |
| CVE-2011-3663 | Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page. | 4.3 | 2.07% | 2011-12-20 | 2026-06-16 |
| CVE-2011-4717 | Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command. | 5.5 | 2.17% | 2011-12-20 | 2026-06-16 |
| CVE-2011-4853 | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files. | 4.3 | 1.14% | 2011-12-16 | 2026-06-16 |
| CVE-2011-4852 | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | 4.3 | 1.14% | 2011-12-16 | 2026-06-16 |
| CVE-2011-4850 | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files. | 4.3 | 1.07% | 2011-12-16 | 2026-06-16 |
| CVE-2011-4849 | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php and certain other files. | 4.3 | 1.05% | 2011-12-16 | 2026-06-16 |
| CVE-2011-4848 | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/. | 4.3 | 1.05% | 2011-12-16 | 2026-06-16 |
| CVE-2011-4767 | The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files. | 5.0 | 1.16% | 2011-12-16 | 2026-06-16 |
| CVE-2011-4766 | The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment | 5.0 | 1.17% | 2011-12-16 | 2026-06-16 |