Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2672 | 1 Erfurtwiki | 1 Erfurtwiki | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) ewiki_id and (2) ewiki_action parameters to fragments/css.php, and possibly the (3) id parameter to the default URI. NOTE: the default URI is site-specific but often performs an include_once of ewiki.php.
|
|||||
| CVE-2007-1149 | 1 Lovecms | 1 Lovecms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
|
|||||
| CVE-2008-1343 | 1 Sco | 1 Unixware | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.
|
|||||
| CVE-2007-4058 | 1 Emc | 1 Vmware | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method.
|
|||||
| CVE-2009-0457 | 1 Magtrb | 1 Aja Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module.
|
|||||
| CVE-2007-4764 | 1 Pawfaliki | 1 Pawfaliki | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. (dot dot) in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-7176 | 1 Celina Jorge | 1 Facil Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) change_lang parameter to index.php or (2) modload parameter to modules.php.
|
|||||
| CVE-2008-1891 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality an ...
Show More |
|||||
| CVE-2009-3787 | 1 Vivvo | 1 Vivvo | 2025-04-09 | 5.0 MEDIUM | N/A |
|
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
|
|||||
| CVE-2007-4829 | 2 Archive\, Canonical | 2 \, Ubuntu Linux | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
|
|||||
| CVE-2009-1456 | 1 Stephane Rajalu | 1 Malleo | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
|
|||||
| CVE-2008-6453 | 1 6rbscript | 1 6rbscript | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
|
|||||
| CVE-2008-0479 | 1 Web Wiz | 1 Newspad | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
|
|||||
| CVE-2009-0448 | 1 Syntax Desktop | 1 Syntax Desktop | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the synTarget parameter.
|
|||||
| CVE-2008-0357 | 1 Galaxyscripts | 1 Mini File Host | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
|
|||||
| CVE-2008-2015 | 1 Watchfire | 1 Appscan | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder.
|
|||||
| CVE-2007-5823 | 1 Scribe | 1 Scribe | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Register action.
|
|||||
| CVE-2008-2534 | 1 Fkrauthan | 1 Phoenix View Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter.
|
|||||
| CVE-2007-6212 | 1 Google | 1 Kml | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
|
|||||
| CVE-2008-4894 | 1 Tribiq | 1 Tribiq Cms | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c.
|
|||||
| CVE-2009-2931 | 1 Slideshowpro | 1 Director | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter.
|
|||||
| CVE-2008-5997 | 1 Ocp2 | 1 Omnicom Content Platform | 2025-04-09 | 7.8 HIGH | N/A |
|
Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter.
|
|||||
| CVE-2008-3685 | 1 Emc | 1 Documentum Applicationxtender Workflow Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to TCP port 2606.
|
|||||
| CVE-2008-0905 | 1 Meo | 1 Globsy | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2008-6316 | 1 Phpmygallery | 1 Phpmygallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-2008-6318.
|
|||||
| CVE-2009-4231 | 1 Basic-cms | 1 Sweetrice | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
|
|||||
| CVE-2008-1565 | 2 Hotscripts, Phpbb | 2 Pjirc, Pjirc Module | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
|
|||||
| CVE-2007-4559 | 1 Python | 1 Python | 2025-04-09 | 6.8 MEDIUM | 9.8 CRITICAL |
|
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
|
|||||
| CVE-2008-6080 | 2 Codecall, Joomla | 2 Com Ionfiles, Joomla | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2008-0782 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
|
|||||
| CVE-2008-3164 | 1 Fuzzylime | 1 Fuzzylime Cms | 2025-04-09 | 7.6 HIGH | N/A |
|
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
|
|||||
| CVE-2009-3561 | 1 Xerver | 1 Xerver | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
|
|||||
| CVE-2009-2132 | 1 4homepages | 1 4images | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
|
|||||
| CVE-2009-2658 | 1 Znc | 1 Znc | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.
|
|||||
| CVE-2008-6112 | 1 Scriptsez | 1 Ez Ringtone Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/.
|
|||||
| CVE-2008-5171 | 1 Phpblaster | 1 Phpblaster Cms | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters.
|
|||||
| CVE-2008-1284 | 1 Horde | 3 Groupware, Groupware Webmail Edition, Horde | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
|
|||||
| CVE-2009-1737 | 1 Diqiye | 1 Mypic | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter.
|
|||||
| CVE-2007-5299 | 1 Skadate | 1 Skadate Online Dating Software | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/.
|
|||||
| CVE-2009-4088 | 1 Telepark | 1 Telepark.wiki | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
|
|||||