Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0745 | 1 Domphp | 1 Domphp | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2007-5956 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-09 | 7.2 HIGH | N/A |
|
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.
|
|||||
| CVE-2009-0886 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter.
|
|||||
| CVE-2009-2109 | 1 Fretsweb Project | 1 Fretsweb | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.
|
|||||
| CVE-2007-1126 | 1 Xt-commerce | 1 Xt-commerce | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
|
|||||
| CVE-2009-2275 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
|
|||||
| CVE-2008-3776 | 1 Fujitsu | 1 Web Based Admin View | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
|
|||||
| CVE-2008-0091 | 1 Agency4net | 1 Webftp | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2007-4895 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter.
|
|||||
| CVE-2009-2552 | 1 Supersimple | 1 Super Simple Blog Script | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter.
|
|||||
| CVE-2008-2976 | 1 Tinx Cms | 1 Tinx Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php.
|
|||||
| CVE-2007-4663 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
|
|||||
| CVE-2008-0393 | 1 Gradman | 1 Gradman | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.
|
|||||
| CVE-2008-6901 | 1 2532gigs | 1 2532gigs | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585.
|
|||||
| CVE-2007-2836 | 1 Hiki | 1 Hiki | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
|
|||||
| CVE-2008-4758 | 1 Php-daily | 1 Php-daily | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.
|
|||||
| CVE-2008-0158 | 1 Shop-script | 1 Shop-script | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.
|
|||||
| CVE-2008-2974 | 1 Mm Chat | 1 Mm Chat | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter.
|
|||||
| CVE-2007-6188 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
|
|||||
| CVE-2008-0431 | 1 Idmos | 1 Idmos Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
|
|||||
| CVE-2008-5275 | 1 Net2ftp | 1 Net2ftp | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
|
|||||
| CVE-2007-6648 | 1 Sanybee Gallery | 1 Sanybee Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
|
|||||
| CVE-2009-0442 | 1 Phpbbbook | 1 Phpbbbook | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1.3h allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
|
|||||
| CVE-2009-4050 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4843 | 1 X-diesel | 1 Unreal Commander | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
|
|||||
| CVE-2008-6508 | 1 Igniterealtime | 1 Openfire | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.
|
|||||
| CVE-2009-1559 | 1 Cisco | 1 Wvc54gca | 2025-04-09 | 7.8 HIGH | N/A |
|
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible.
|
|||||
| CVE-2008-5856 | 1 Class | 1 Class | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.
|
|||||
| CVE-2008-1755 | 1 Zekewalker | 1 World Of Phaos | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
|
|||||
| CVE-2009-1558 | 1 Cisco | 1 Wvc54gca | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
|
|||||
| CVE-2008-5301 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
|
|||||
| CVE-2008-2942 | 1 Mercurial | 1 Mercurial | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.
|
|||||
| CVE-2009-1748 | 1 Joost Horward | 1 Catviz | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter.
|
|||||
| CVE-2007-5489 | 1 Artmedic Webdesign | 1 Artmedic Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2009-2449 | 1 Adbnewssender | 1 Adbnewssender | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter.
|
|||||
| CVE-2008-0797 | 1 Itheora | 1 Itheora | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter.
|
|||||
| CVE-2008-5787 | 2 Arabportal, Microsoft | 2 Arab Portal, Windows | 2025-04-09 | 5.4 MEDIUM | N/A |
|
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
|
|||||
| CVE-2008-2217 | 1 Mario Valdez | 1 Content Management System | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter.
|
|||||
| CVE-2008-3851 | 2 Microsoft, Pluck | 2 Windows, Pluck | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incom ...
Show More |
|||||
| CVE-2007-6620 | 1 Joovili | 1 Joovili | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
|
|||||