Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5968 | 1 Phpicalendar | 1 Phpicalendar | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.
|
|||||
| CVE-2007-3487 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
|
|||||
| CVE-2007-4457 | 1 Florian Mahieu | 1 Dalai Forum | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter.
|
|||||
| CVE-2008-0513 | 1 Phpcms | 1 Phpcms | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
|
|||||
| CVE-2008-1857 | 1 Mole | 1 Make Our Life Easy | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
|
|||||
| CVE-2008-3036 | 1 Cms Little | 1 Cms Little | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter.
|
|||||
| CVE-2009-2784 | 1 Ditcms | 1 Dit.cms | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_sli ...
Show More |
|||||
| CVE-2008-2838 | 1 Traindepot | 1 Traindepot | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
|
|||||
| CVE-2008-5953 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI.
|
|||||
| CVE-2008-1798 | 1 Dragoon | 1 Dragoon | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.
|
|||||
| CVE-2009-1649 | 1 Bicluc | 1 Belive | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter.
|
|||||
| CVE-2008-2185 | 1 Toocharger | 1 Smartblog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0338 | 1 Miniweb Http Server | 1 Miniweb Http Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
|
|||||
| CVE-2009-3515 | 1 Marcin Manek | 1 D.net Cms | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
|
|||||
| CVE-2008-1410 | 1 Acronis | 1 Snap Deploy | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
|
|||||
| CVE-2007-5927 | 1 Openbase International Ltd | 1 Openbase | 2025-04-09 | 9.0 HIGH | 8.1 HIGH |
|
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
|
|||||
| CVE-2008-3296 | 1 Xoops | 1 Xoops | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5821 | 1 Dm Guestbook | 1 Dm Guestbook | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or (c) auto/glob_new.php; or (2) the lngdefault parameter to auto/ch_lng.php.
|
|||||
| CVE-2009-2398 | 1 Php-sugar | 1 Php-sugar | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter.
|
|||||
| CVE-2008-4602 | 1 Qualityunit | 1 Post Affiliate Pro | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter.
|
|||||
| CVE-2009-0615 | 1 Cisco | 2 Application Control Engine Device Manager, Application Networking Manager | 2025-04-09 | 9.0 HIGH | N/A |
|
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."
|
|||||
| CVE-2009-0515 | 1 Yanocc | 1 Yanocc | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2008-2887 | 1 Chaozzatwork | 1 Fubarforum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2007-6214 | 1 Learnloop | 1 Learnloop | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.
|
|||||
| CVE-2008-6074 | 1 Phpcrs | 1 Phpcrs | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in frame.php in phpcrs 2.06 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the importFunction parameter.
|
|||||
| CVE-2009-3151 | 1 Ultrize | 1 Timesheet | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
|
|||||
| CVE-2008-5570 | 1 Php Multiple Newsletters | 1 Php Multiple Newsletters | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2008-3926 | 1 Hans Oesterholt | 1 Cmme | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php.
|
|||||
| CVE-2007-5642 | 1 Phppm | 1 Php Project Management | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) group ...
Show More |
|||||
| CVE-2008-1555 | 1 Bolinos | 1 Bolinos | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _bFileToInclude parameter.
|
|||||
| CVE-2007-6344 | 1 Mcms | 1 Easy Web Make | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
|
|||||
| CVE-2007-1031 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter.
|
|||||
| CVE-2008-4455 | 1 Mysql Quick Admin | 1 Mysql Quick Admin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie.
|
|||||
| CVE-2008-6407 | 1 Brian Wilson | 1 Ol\'bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.
|
|||||
| CVE-2007-5103 | 1 Wordsmith | 1 Wordsmith | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter.
|
|||||
| CVE-2009-3167 | 1 Anantasoft | 1 Gazelle Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
|
|||||
| CVE-2009-2223 | 1 Teozkr | 1 Lightopencms | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
|
|||||
| CVE-2009-4053 | 1 Home Ftp Server Project | 1 Home Ftp Server | 2025-04-09 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5465 | 1 Mydoop | 1 Doop Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component.
|
|||||
| CVE-2009-4427 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
|
|||||