Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6335 | 1 Emetrix | 1 Online Keyword Research Tool | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2009-4512 | 1 Indymedia | 1 Oscailt | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter.
|
|||||
| CVE-2009-2184 | 1 Gravy-media | 1 Media Photo Host | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter.
|
|||||
| CVE-2008-1642 | 1 Savas Place | 1 Savas Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-5771 | 1 Phpweather | 1 Phpweather | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
|
|||||
| CVE-2008-0822 | 1 Scribe | 1 Scribe | 2025-04-09 | 3.6 LOW | N/A |
|
Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2007-6322 | 1 Xml2owl | 1 Xml2owl | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2009-0731 | 1 Freearcadescript | 1 Free Arcade Script | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in pages/play.php in Free Arcade Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
|
|||||
| CVE-2008-2822 | 1 3dftp | 1 3d-ftp Client | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a (1) LIST or (2) MLSD command.
|
|||||
| CVE-2008-1371 | 1 Drake Team | 1 Drake Cms | 2025-04-09 | 3.6 LOW | N/A |
|
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5802 | 1 Firewolf Technologies | 1 Synergiser | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.
|
|||||
| CVE-2008-4361 | 1 Powerportal | 1 Powerportal | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI.
|
|||||
| CVE-2008-5594 | 1 Bpowerhouse | 1 Mini Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
|
|||||
| CVE-2009-3216 | 1 Wiccle | 1 Iwiccle | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php.
|
|||||
| CVE-2008-6290 | 1 Niclor | 1 Include Sito | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter.
|
|||||
| CVE-2009-2925 | 1 Djcalendar | 1 Djcalendar | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter.
|
|||||
| CVE-2008-0427 | 1 Bloo | 1 Bloofoxcms | 2025-04-09 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2008-3150 | 1 Neutrino-cms | 1 Atomic Edition | 2025-04-09 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php.
|
|||||
| CVE-2008-3205 | 1 Easy-script | 1 Wysi Wiki Wyg | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Easy-Script Wysi Wiki Wyg 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
|
|||||
| CVE-2009-3625 | 1 Sahana | 1 Sahana | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
|
|||||
| CVE-2009-0735 | 1 Papoo | 1 Papoo | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4718 | 1 X7 Group | 1 X7 Chat | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
|
|||||
| CVE-2009-3219 | 1 The-ghost | 1 Ar Web Content Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter.
|
|||||
| CVE-2008-2017 | 1 Chilkat Software | 1 Chicomas | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/.
|
|||||
| CVE-2007-4134 | 1 Redhat | 1 Fedora | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
|
|||||
| CVE-2008-2966 | 1 Jaxultrabb | 1 Jaxultrabb | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information.
|
|||||
| CVE-2009-3694 | 1 Jdtmmsm | 1 Ezrecipe-zee | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter.
|
|||||
| CVE-2008-3564 | 1 Dayfox Designs | 1 Dayfox Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
|
|||||
| CVE-2008-0196 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.
|
|||||
| CVE-2009-0596 | 1 Phpskelsite | 1 Phpskelsite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter.
|
|||||
| CVE-2008-4739 | 1 Plugspace | 1 Plugspace | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter.
|
|||||
| CVE-2008-0221 | 1 Gateway | 1 Weblaunch | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1119 | 1 Centreon | 1 Centreon | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
|
|||||
| CVE-2009-3534 | 1 Lionwiki | 1 Lionwiki | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2008-5658 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
|
|||||
| CVE-2008-6010 | 1 Sg Real Estate Portal | 1 Sg Real Estate Portal | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php.
|
|||||
| CVE-2007-4726 | 1 Weboddity | 1 Weboddity | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
|
|||||
| CVE-2009-1911 | 2 Claudio Klingler, Tinywebgallery | 2 Quixplorer, Tinywebgallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
|
|||||
| CVE-2008-6273 | 1 Myktools | 1 Myktools | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Directory traversal vulnerability in configuration_script.php in MyKtools 3.0 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the langage parameter, a different vulnerability than CVE-2008-4781. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-3562 | 1 Chupix | 2 Chupix Cms, Cms Contact Module | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mods parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||