Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2263 | 1 Awesomephp | 1 Mega File Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
|
|||||
| CVE-2008-3555 | 1 Wsn | 4 Forum, Gallery, Knowledge Base and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
|
|||||
| CVE-2008-4075 | 1 Dino | 1 D-iscussion Board | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
|
|||||
| CVE-2008-6288 | 1 Interface-medien | 1 Ibase | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2007-1860 | 1 Apache | 1 Tomcat Jk Web Server Connector | 2025-04-09 | 5.0 MEDIUM | N/A |
|
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
|
|||||
| CVE-2008-1178 | 1 Centreon | 1 Centreon | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119.
|
|||||
| CVE-2007-6584 | 1 1024 Cms | 1 1024 Cms | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.
|
|||||
| CVE-2007-5811 | 1 Phpmyconferences | 1 Phpmyconferences | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed
|
|||||
| CVE-2008-6424 | 1 Jun Sota | 1 Ffftp | 2025-04-09 | 8.8 HIGH | N/A |
|
Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot).
|
|||||
| CVE-2008-2779 | 1 Globalscape | 1 Cuteftp | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
|
|||||
| CVE-2008-6018 | 1 Myphpsite | 1 Myphpsite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
|
|||||
| CVE-2009-3912 | 1 Tftgallery | 1 Tftgallery | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.
|
|||||
| CVE-2008-5217 | 1 Phpc0d3r | 1 Txtcms | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
|
|||||
| CVE-2008-1908 | 1 Cpcommerce | 1 Cpcommerce | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action parameter to category.php.
|
|||||
| CVE-2008-1145 | 2 Fedoraproject, Ruby-lang | 3 Fedora, Ruby, Webrick | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
|
|||||
| CVE-2008-3195 | 1 Twiki | 1 Twiki | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
|
|||||
| CVE-2008-1281 | 1 Argontechnology | 1 Client Management Services | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2008-5175 | 1 Visicommedia | 1 Aceftp | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
|
|||||
| CVE-2009-4192 | 1 Interspire | 1 Knowledge Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-1564 | 1 File-transfer | 1 File Transfer | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.
|
|||||
| CVE-2009-1847 | 1 Easypx41 | 1 Easy Px 41 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fiche parameter.
|
|||||
| CVE-2007-4820 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2025-04-09 | 7.5 HIGH | N/A |
|
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.
|
|||||
| CVE-2008-5579 | 1 Mini-pub | 1 Mini-pub | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter.
|
|||||
| CVE-2009-3583 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.
|
|||||
| CVE-2007-6554 | 1 George Lewe | 1 Teamcal Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.
|
|||||
| CVE-2008-3675 | 1 Gelatocms | 1 Gelatocms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-7142 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
|
|||||
| CVE-2009-3508 | 1 Fcgphilipp | 1 Mujecms | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php.
|
|||||
| CVE-2008-5201 | 1 Otmanager | 1 Otmanager Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
|
|||||
| CVE-2008-2813 | 1 Shoutcastadmin | 1 Wallcity-server Shoutcast Admin Panel | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2008-3149 | 1 F5 | 1 Firepass 1200 | 2025-04-09 | 7.8 HIGH | N/A |
|
The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB.
|
|||||
| CVE-2008-4129 | 1 Gallery | 1 Gallery | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
|
|||||
| CVE-2008-4499 | 1 Php Web Explorer | 1 Php Web Explorer Lite | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
|
|||||
| CVE-2008-0840 | 1 Publicwarehouse | 1 Lightblog | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter.
|
|||||
| CVE-2008-4243 | 1 Epic Games | 1 Unreal Tournament 3 | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
|
|||||
| CVE-2008-4875 | 1 Philips Electronics | 1 Voip841 Dect Phone | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.
|
|||||
| CVE-2008-0418 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
|
|||||
| CVE-2008-3708 | 1 Dotcms | 1 Dotcms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
|
|||||
| CVE-2007-5782 | 1 Fireconfig | 1 Fireconfig | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2008-4741 | 1 Far-php | 1 Far-php | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
|
|||||