Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-kh73-zyw7-r3ea
Vulnerability ID VCID-kh73-zyw7-r3ea
Aliases CVE-2004-1444
GHSA-q7mf-hp9m-cx6f
Summary Roundup Directory traversal vulnerability Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via `..` (dot dot) sequences in an `@@` command in an HTTP GET request.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://packetstormsecurity.nl/0406-exploits/roundUP.txt
epss 0.16535 https://api.first.org/data/v1/epss?cve=CVE-2004-1444
generic_textual MODERATE http://secunia.com/advisories/11801
generic_textual MODERATE http://securitytracker.com/id?1010415
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/16350
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-q7mf-hp9m-cx6f
generic_textual MODERATE https://github.com/roundup-tracker/roundup
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2004-1444
generic_textual MODERATE http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788
generic_textual MODERATE http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml
generic_textual MODERATE http://www.securityfocus.com/bid/10495
Reference id Reference type URL
http://packetstormsecurity.nl/0406-exploits/roundUP.txt
https://api.first.org/data/v1/epss?cve=CVE-2004-1444
http://secunia.com/advisories/11801
http://securitytracker.com/id?1010415
https://exchange.xforce.ibmcloud.com/vulnerabilities/16350
https://github.com/roundup-tracker/roundup
http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788
http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml
http://www.securityfocus.com/bid/10495
CVE-2004-1444 https://nvd.nist.gov/vuln/detail/CVE-2004-1444
CVE-2004-1444;OSVDB-6691 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24179.txt
CVE-2004-1444;OSVDB-6691 Exploit https://www.securityfocus.com/bid/10495/info
GHSA-q7mf-hp9m-cx6f https://github.com/advisories/GHSA-q7mf-hp9m-cx6f
GLSA-200408-09 https://security.gentoo.org/glsa/200408-09
Data source Exploit-DB
Date added June 8, 2004
Description Roundup 0.5/0.6 - Remote File Disclosure
Ransomware campaign use Known
Source publication date June 8, 2004
Exploit type remote
Platform linux
Source update date Jan. 16, 2013
Source URL https://www.securityfocus.com/bid/10495/info
Exploit Prediction Scoring System (EPSS)
Percentile 0.95016
EPSS Score 0.16535
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:57:47.826246+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/roundup/CVE-2004-1444.yml 38.6.0