Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5990 | 1 Eduforge | 1 Emergecolab | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sitecode parameter to connect/index.php.
|
|||||
| CVE-2008-0798 | 1 Artmedic Webdesign | 1 Artmedic Weblog | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to artmedic_print.php.
|
|||||
| CVE-2008-0489 | 1 Clansphere | 1 Clansphere | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2008-1125 | 1 Podcast Generator | 1 Podcast Generator | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php.
|
|||||
| CVE-2009-0929 | 1 Nucleus Group | 1 Nucleus Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the media manager in Nucleus CMS before 3.40 allows remote attackers to read arbitrary files via unknown vectors.
|
|||||
| CVE-2009-3664 | 1 Nullam | 1 Nullam Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. (dot dot) in the (1) p and (2) s parameters.
|
|||||
| CVE-2008-2403 | 1 Sun | 1 Java Asp Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.
|
|||||
| CVE-2008-5776 | 1 Apertoblog | 1 Apertoblog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
|
|||||
| CVE-2008-3723 | 1 Phpizabi | 1 Phpizabi | 2025-04-09 | 6.3 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-2037 | 1 Onlinegrades | 1 Online Grades | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php.
|
|||||
| CVE-2008-2695 | 1 Phpinv | 1 Phpinv | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
|
|||||
| CVE-2008-1571 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
|
|||||
| CVE-2007-5694 | 1 Sitebar | 1 Sitebar | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491.
|
|||||
| CVE-2008-3312 | 1 Lemoncms | 1 Lemon Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor.
|
|||||
| CVE-2009-2787 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
|
|||||
| CVE-2010-0013 | 6 Adium, Fedoraproject, Opensuse and 3 more | 7 Adium, Fedora, Opensuse and 4 more | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the em ...
Show More |
|||||
| CVE-2007-5174 | 1 Actsite | 1 Actsite | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter.
|
|||||
| CVE-2007-1042 | 1 Xpression News | 1 Xpression News | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-4202 | 2 Joomla, Omilenitsolutions | 2 Joomla\!, Com Omphotogallery | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
|
|||||
| CVE-2009-2101 | 1 Castro Xl | 1 Torrentvolve | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter.
|
|||||
| CVE-2009-1523 | 1 Mortbay | 1 Jetty | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
|
|||||
| CVE-2009-0514 | 1 Webframe | 1 Webframe | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php.
|
|||||
| CVE-2008-2635 | 1 Barad Dur | 1 Bitkinex | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder.
|
|||||
| CVE-2009-3702 | 1 Php-calendar | 1 Php-calendar | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
|
|||||
| CVE-2009-2177 | 1 Fuzzylime | 1 Fuzzylime Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value.
|
|||||
| CVE-2008-1534 | 1 Powerscripts | 1 Powerphpboard | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.
|
|||||
| CVE-2008-3390 | 1 Minishowcase | 1 Minishowcase Image Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2008-7090 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | 7.8 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.
|
|||||
| CVE-2008-1606 | 1 Elastic Path | 1 Elastic Path | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
|
|||||
| CVE-2008-4702 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php.
|
|||||
| CVE-2008-2876 | 1 Munky | 1 Munky | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter.
|
|||||
| CVE-2008-4067 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
|
|||||
| CVE-2007-5320 | 1 Pegasus Imaging | 1 Imagxpress | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
|
|||||
| CVE-2008-2495 | 1 Pancake | 1 Zina | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to have an unknown impact via a .. (dot dot) in the p parameter.
|
|||||
| CVE-2008-2227 | 1 Php-fusion | 1 Forum Rank System | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4709 | 1 Apple | 1 Mac Os X | 2025-04-09 | 8.8 HIGH | N/A |
|
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
|
|||||
| CVE-2007-5915 | 1 Phphelpdesk | 1 Phphelpdesk | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter.
|
|||||
| CVE-2007-5815 | 1 Sonicwall | 2 Ssl Vpn2000\/4000, Ssl Vpn 200 | 2025-04-09 | 10.0 HIGH | N/A |
|
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.
|
|||||
| CVE-2009-0645 | 1 Jaws | 1 Jaws | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445.
|
|||||
| CVE-2008-0794 | 1 Affiliate Market | 1 Affiliate Market | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
|
|||||