Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3163 | 1 Regretless | 1 Dodos Mail | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-6567 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.
|
|||||
| CVE-2007-5813 | 1 Ispworker | 1 Ispworker | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ticketid and (2) filename parameters.
|
|||||
| CVE-2009-3124 | 1 Ipmotor | 1 Quarkmail | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. (dot dot) in the tf parameter.
|
|||||
| CVE-2008-0459 | 1 Liquidsilvercms | 1 Liquidsilvercms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter.
|
|||||
| CVE-2008-1415 | 1 Riceball | 1 Multiple Time Sheets | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
|
|||||
| CVE-2008-2889 | 1 Wise-ftp | 1 Wise-ftp | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
|
|||||
| CVE-2009-1730 | 1 Netmechanica | 1 Netdecision Tftp Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.
|
|||||
| CVE-2009-0753 | 1 Mldonkey | 1 Mldonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
|
|||||
| CVE-2008-1849 | 3 Joomla, Joomlacode, Mambo | 3 Joomla, Joomlaexplorer, Mambo | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
|
|||||
| CVE-2007-6653 | 1 Mihalism | 1 Multi Host | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2009-3425 | 1 Databay | 1 Maxcms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter.
|
|||||
| CVE-2009-1846 | 1 Bjsintay | 1 Sitex | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php, (4) Streamline/homepage.php, and (5) Structure/homepage.php in themes/.
|
|||||
| CVE-2008-5962 | 1 Gravity-gtd | 1 Gravity-gtd | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter.
|
|||||
| CVE-2008-1512 | 1 Phpbb | 1 Module Xs | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4519 | 1 Fastpublish | 1 Fastpublish Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php.
|
|||||
| CVE-2008-1042 | 1 Linux Web Shop | 1 Php Download Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter.
|
|||||
| CVE-2007-0450 | 1 Apache | 2 Http Server, Tomcat | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
|
|||||
| CVE-2009-3538 | 1 Allisclear | 1 Clear Content | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-4187 | 1 Proactive Cms | 1 Proactive Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
|
|||||
| CVE-2009-2007 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php.
|
|||||
| CVE-2007-5306 | 1 Yannick Tanguy | 1 Else If Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.
|
|||||
| CVE-2008-6668 | 1 Dirk Bartley | 1 Nweb2fax | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.
|
|||||
| CVE-2008-4471 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
|
|||||
| CVE-2007-3504 | 2 Microsoft, Sun | 4 Windows, Jdk, Jre and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.
|
|||||
| CVE-2009-1621 | 1 Opencart | 1 Opencart | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.
|
|||||
| CVE-2009-2338 | 1 Freewebshop | 1 Freewebshop | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter.
|
|||||
| CVE-2008-5207 | 1 Jonascms | 1 Jonascms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1496 | 2 Ijobid, Joomla | 2 Com Cmimarketplace, Joomla | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
|
|||||
| CVE-2009-0291 | 1 Openx | 1 Openx | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
|
|||||
| CVE-2008-3087 | 1 Kasseler-cms | 1 Kasseler Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
|
|||||
| CVE-2009-0640 | 1 Swannsecurity | 1 Dvr4-securanet | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by reading the vy_netman.cfg file that contains passwords.
|
|||||
| CVE-2008-4662 | 1 Lokicms | 1 Lokicms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
|
|||||
| CVE-2008-3770 | 1 Openfreeway | 1 Freeway | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.ph ...
Show More |
|||||
| CVE-2008-0946 | 1 Ipswitch | 2 Imserver, Instant Messaging | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.
|
|||||
| CVE-2008-1635 | 1 Raven Php Scripts | 1 Keep It Simple Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected.
|
|||||
| CVE-2008-0068 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.
|
|||||
| CVE-2008-2898 | 1 Hedgehog-cms | 1 Hedgehog-cms | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
|
|||||
| CVE-2009-1510 | 1 Koschtit | 1 Koschtit Image Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in KoschtIT Image Gallery 1.82 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the file parameter to (1) ki_makepic.php and (2) ki_nojsdisplayimage.php in ki_base/.
|
|||||
| CVE-2009-1625 | 1 Davlin | 1 Thickbox Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter.
|
|||||