Moderate severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026
CVE-2004-1444
CVE-2004-1444
Description
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
RoundupPyPI | < 0.7.3 | 0.7.3 |
Affected products
46cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*+ 45 more
- cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*range: <=0.6.4
- cpe:2.3:a:roundup-tracker:roundup:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre1:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre2:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre3:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.4.0:b1:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.4.0:b2:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.4.2:pr1:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.0:pr1:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.8:stable:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.6.0:b1:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.6.0:b2:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.6.0:b3:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.6.0:b4:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:0.6.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.gentoo.org/security/en/glsa/glsa-200408-09.xmlnvdPatchWEB
- packetstormsecurity.nl/0406-exploits/roundUP.txtnvdExploitWEB
- secunia.com/advisories/11801/nvdExploitPatchVendor Advisory
- www.securityfocus.com/bid/10495nvdExploitPatchWEB
- github.com/advisories/GHSA-q7mf-hp9m-cx6fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2004-1444ghsaADVISORY
- secunia.com/advisories/11801ghsaWEB
- securitytracker.com/idnvdWEB
- sourceforge.net/tracker/index.phpnvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/16350nvdWEB
News mentions
0No linked articles in our index yet.