CVE List by Type: Directory Traversal (Filtered by Published Year)

Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing Directory Traversal CVEs published in 2011. View full CVE list

Showing 120 of 432 results
«« First « Prev Page 1 / 22 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2011-4617 virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. 1.2 0.32% 2011-12-30 2026-06-16
CVE-2011-5028 Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. 4.0 3.52% 2011-12-29 2026-06-16
CVE-2011-4168 Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. 7.5 5.01% 2011-12-26 2026-06-16
CVE-2011-4166 Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. 7.5 61.76% 2011-12-26 2026-06-16
CVE-2011-3837 Directory traversal vulnerability in blog_system/data_functions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the preview parameter to index.php. 6.8 1.44% 2011-12-24 2026-06-16
CVE-2011-4596 Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. 6.0 1.94% 2011-12-23 2026-06-16
CVE-2011-4897 Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value. 4.3 1.62% 2011-12-22 2026-06-16
CVE-2011-4896 Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port. 4.3 1.59% 2011-12-22 2026-06-16
CVE-2011-4895 Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. 4.3 1.62% 2011-12-22 2026-06-16
CVE-2011-4894 Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. 4.3 1.62% 2011-12-22 2026-06-16
CVE-2011-2769 Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. 4.3 1.20% 2011-12-22 2026-06-16
CVE-2011-3663 Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page. 4.3 2.07% 2011-12-20 2026-06-16
CVE-2011-4717 Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command. 5.5 2.17% 2011-12-20 2026-06-16
CVE-2011-4853 The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files. 4.3 1.14% 2011-12-16 2026-06-16
CVE-2011-4852 The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. 4.3 1.14% 2011-12-16 2026-06-16
CVE-2011-4850 The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files. 4.3 1.07% 2011-12-16 2026-06-16
CVE-2011-4849 The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php and certain other files. 4.3 1.05% 2011-12-16 2026-06-16
CVE-2011-4848 The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/. 4.3 1.05% 2011-12-16 2026-06-16
CVE-2011-4767 The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files. 5.0 1.16% 2011-12-16 2026-06-16
CVE-2011-4766 The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment 5.0 1.17% 2011-12-16 2026-06-16
«« First « Prev Page 1 / 22 Next »
cvelogic Threat Intelligence