Total: 8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-5685 | 1 Serverkit | 1 Shttp | 2025-04-09 | 5.0 MEDIUM | N/A | The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree. |
| CVE-2008-0332 | 1 Aria | 1 Aria | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. |
| CVE-2008-3589 | 1 Mozilo | 1 Mozilocms | 2025-04-09 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. |
| CVE-2008-4773 | 1 Questwork | 1 Questcms | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter. |
| CVE-2007-5461 | 1 Apache | 1 Tomcat | 2025-04-09 | 3.5 LOW | N/A | Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
| CVE-2009-4383 | 1 Rocomotion | 1 P Forum | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors. |
| CVE-2008-4667 | 1 Arabcms | 1 Arabcms | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter. |
| CVE-2008-1651 | 1 Myiosoft | 1 Easynews | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. |
| CVE-2008-6878 | 1 Zen Cart | 1 Zen Cart | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths." |
| CVE-2008-6592 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2025-04-09 | 7.5 HIGH | N/A | thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). |
| CVE-2007-6215 | 1 Web-meetme | 1 Web-meetme | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter. |
| CVE-2009-2015 | 2 Ideal, Joomla | 2 Com Moofaq, Joomla | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2008-2961 | 1 Cmsmini | 1 Cms Mini | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter. |
| CVE-2006-5149 | 1 Openbiblio | 1 Openbiblio | 2025-04-09 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php. |
| CVE-2008-1325 | 1 Leinir Turthra | 1 Uberghey Cms | 2025-04-09 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities in index.php in Uberghey CMS 0.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters. NOTE: this might be the same issue as CVE-2008-1324. |
| CVE-2008-4759 | 1 Buzzscripts | 1 Buzzywall | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter. |
| CVE-2008-7240 | 1 Linuxwebshop | 1 Php User Base | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter. |
| CVE-2009-2112 | 1 Frank-karau | 1 Phpfk | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter. |
| CVE-2007-4756 | 1 Ghisler | 1 Total Commander | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder. |
| CVE-2007-5454 | 1 Php File Sharing System | 1 Php File Sharing System | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in index.php in PHP File Sharing System 1.5.1 allows remote attackers to list or create arbitrary directories, or delete arbitrary files, as demonstrated by listing directories via a .. (dot dot) in the cam parameter. |
| CVE-2008-0231 | 1 Tuned Studios | 7 Classic Theme, Endless, Freeze Theme and 4 more | 2025-04-09 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments. |
| CVE-2007-3936 | 1 A-shop | 1 A-shop | 2025-04-09 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter. |
| CVE-2009-1406 | 1 Sweetphp | 1 Totalcalendar | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter. |
| CVE-2008-2215 | 1 Pbcs | 1 Project-based Calendaring System | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php. |
| CVE-2008-1799 | 1 Sabros.us | 1 Sabros.us | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. |
| CVE-2009-2611 | 1 Gander | 1 Myfusion | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter. |
| CVE-2008-5642 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie. |
| CVE-2008-2985 | 1 Cmreams | 1 Cmreams Cms | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter. |
| CVE-2008-2666 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. |
| CVE-2007-3072 | 1 Mozilla | 1 Firefox | 2025-04-09 | 7.1 HIGH | N/A | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI. |
| CVE-2008-6025 | 1 Openelec | 1 Openelec | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter. |
| CVE-2008-2073 | 1 Virtual Design Studios | 1 Vlbook | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. |
| CVE-2008-3405 | 1 Nazgulled | 1 Nzfotolog | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter. |
| CVE-2009-3728 | 1 Sun | 2 Jre, Openjdk | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533. |
| CVE-2008-4769 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 9.3 HIGH | N/A | Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. |
| CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. |
| CVE-2008-6842 | 1 Pluck-cms | 1 Pluck | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter. |
| CVE-2007-5826 | 1 Edraw | 1 Flowchart Activex | 2025-04-09 | 9.3 HIGH | N/A | Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420. |
| CVE-2008-6610 | 1 Ott | 1 Phpcksec | 2025-04-09 | 6.4 MEDIUM | N/A | Absolute path traversal vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2.0 allows remote attackers to list arbitrary directories and read arbitrary files via a full pathname in the file parameter. |
| CVE-2008-7178 | 1 Xoops | 2 Uploader, Xoops | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php. |