Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4982 | 1 Mw6 Technologies | 1 Qrcode Activex | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6083 | 1 Txtshop | 1 Txtshop | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
|
|||||
| CVE-2008-2399 | 2 Fireftp, Mozilla | 2 Fireftp, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
|
|||||
| CVE-2008-6630 | 1 Typo3 | 2 Typo3, Wt Gallery | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors.
|
|||||
| CVE-2007-5417 | 1 Boastmachine | 1 Boastmachine | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
|
|||||
| CVE-2007-5321 | 1 Verlihub-project | 1 Verlihub Control Panel | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2009-0932 | 1 Debian | 2 Horde, Horde Groupware | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
|
|||||
| CVE-2008-4151 | 1 Cyask | 1 Cyask | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter.
|
|||||
| CVE-2008-0654 | 1 Azucar Cms | 1 Azucar Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _VIEW (view) parameter to (1) index.php, (2) html/sitio/index.php, or (3) src/sistema/vistas/template/tpl_inicio.php.
|
|||||
| CVE-2006-7117 | 1 Kubix | 1 Kubix | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.
|
|||||
| CVE-2008-1231 | 1 Jspwiki | 1 Jspwiki | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter.
|
|||||
| CVE-2007-6623 | 1 Zeuscms | 1 Zeuscms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter.
|
|||||
| CVE-2009-3451 | 1 Radactive | 1 I-load | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2007-3874 | 1 Altiris | 1 Deployment Solution | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2009-1246 | 1 Blogplus | 1 Blogplus | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] paramet ...
Show More |
|||||
| CVE-2007-4471 | 1 Intuit | 1 Quickbooks | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
|
|||||
| CVE-2007-6368 | 1 Ezcontents | 1 Ezcontents | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter.
|
|||||
| CVE-2009-2600 | 1 Akiva | 1 Webboard | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
|
|||||
| CVE-2007-5484 | 1 Wwwisis | 1 Wwwisis | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows local users to read arbitrary files via a .. (dot dot) in the IsisScript parameter to iah.
|
|||||
| CVE-2009-0722 | 1 Potato-scripts | 1 Potato News | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter.
|
|||||
| CVE-2008-2913 | 1 Devalcms | 1 Devalcms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currentpath parameter, in conjunction with certain ... (triple dot) and ..... sequences in the currentfile parameter, to index.php.
|
|||||
| CVE-2008-2978 | 1 Ourvideocms | 1 Ourvideo Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter.
|
|||||
| CVE-2008-5794 | 1 Lovecms | 1 Lovecms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
|
|||||
| CVE-2008-2795 | 1 Idm Computer Solutions Inc | 1 Ultraedit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\ (dot dot backslash) in a response to a LIST command.
|
|||||
| CVE-2008-7064 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
|
|||||
| CVE-2008-6833 | 1 Fuzzylime | 1 Fuzzylime \(cms\) | 2025-04-09 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter.
|
|||||
| CVE-2009-3211 | 1 Dimofinf | 1 Infinity Script | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the options[style_dir] parameter to the default URI.
|
|||||
| CVE-2008-2081 | 1 Siteman | 1 Siteman | 2025-04-09 | 9.0 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
|
|||||
| CVE-2008-7055 | 1 Visualshapers | 1 Ezcontents | 2025-04-09 | 5.1 MEDIUM | N/A |
|
module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function.
|
|||||
| CVE-2008-0194 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.
|
|||||
| CVE-2009-1090 | 1 Rapidleech | 1 Rapidleech | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded parameter.
|
|||||
| CVE-2008-6502 | 1 Prochatrooms | 1 Pro Chat Rooms | 2025-04-09 | 4.6 MEDIUM | N/A |
|
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to (1) an individual user or (2) a room, leading to cross-site request forgery (CSRF), cross-site scripting (XSS), or other impacts.
|
|||||
| CVE-2008-5639 | 1 Txtblogcms | 1 Txtblog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter.
|
|||||
| CVE-2008-0156 | 1 Million Dollar Script | 1 Million Dollar Script | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.
|
|||||
| CVE-2008-5867 | 1 Yerba | 1 Yerba | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6725 | 1 Phpbuilder | 1 Phpbuilder | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5920 | 1 Picoflat Cms | 1 Picoflat Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4592 | 1 Sportspanel | 1 Sports Clubs Web Portal | 2025-04-09 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
|
|||||
| CVE-2008-0760 | 1 Safenet | 2 Sentinel Keys Server, Sentinel Protection Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483.
|
|||||
| CVE-2009-1768 | 1 Ramazeiten | 4 Ramazaitencms0.9.7.5, Ramazaitencms0.9.7.6, Ramazaitencms0.9.7.8 and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||