Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1645 | 1 Guillaume Meister | 1 Php Spammanager | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2008-3031 | 1 Simple Php Agenda | 1 Simple Php Agenda | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2008-6825 | 1 Trixbox | 1 Trixbox | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
|
|||||
| CVE-2009-1936 | 1 Cpcommerce Project | 1 Cpcommerce | 2025-04-09 | 6.8 MEDIUM | 9.8 CRITICAL |
|
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500.
|
|||||
| CVE-2009-2124 | 1 Elvinbts | 1 Elvinbts | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
|
|||||
| CVE-2008-0452 | 1 Siteman | 1 Siteman | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
|
|||||
| CVE-2008-0458 | 1 Slaed | 1 Slaed Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php.
|
|||||
| CVE-2007-5742 | 1 Wesnoth | 1 Wesnoth | 2025-04-09 | 9.0 HIGH | N/A |
|
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
|
|||||
| CVE-2009-3507 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter.
|
|||||
| CVE-2009-2923 | 1 Bitmixsoft | 1 Php-lance | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php.
|
|||||
| CVE-2008-1643 | 1 Landesk Software | 1 Landesk Management Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2009-1445 | 1 Ivano Culmine | 1 Webportal Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php.
|
|||||
| CVE-2009-2968 | 1 Vmware | 1 Studio | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors.
|
|||||
| CVE-2007-5446 | 1 Perfection Bytes | 1 Pbemail | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.
|
|||||
| CVE-2009-4374 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter.
|
|||||
| CVE-2008-0501 | 1 Sourceforge | 1 Phpmyclub | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
|
|||||
| CVE-2007-6086 | 1 Vigilecms | 1 Vigilecms | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter.
|
|||||
| CVE-2008-3190 | 1 1scripts | 1 Codedb | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2008-6877 | 1 Zen Cart | 1 Zen Cart | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.
|
|||||
| CVE-2009-4116 | 1 Cutephp | 1 Cutenews | 2025-04-09 | 3.5 LOW | N/A |
|
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files.
|
|||||
| CVE-2008-2116 | 1 Scriptsez | 1 Power Editor | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.
|
|||||
| CVE-2009-2176 | 1 Fuzzylime | 1 Fuzzylime Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php.
|
|||||
| CVE-2008-6139 | 1 Webbiscuits | 1 Modules Controller | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
|
|||||
| CVE-2008-4281 | 1 Vmware | 2 Esx, Esxi | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.
|
|||||
| CVE-2007-0898 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
|
|||||
| CVE-2009-1502 | 1 Matteoiammarrone | 1 S-cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
|
|||||
| CVE-2008-2350 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.
|
|||||
| CVE-2006-6047 | 1 Etomite | 1 Etomite | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
|
|||||
| CVE-2009-2397 | 1 Audioarticledirectory | 1 Audio Article Directory | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
|
|||||
| CVE-2008-0559 | 1 Nilsons Blogger | 1 Nilsons Blogger | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.
|
|||||
| CVE-2009-0392 | 1 Motorola | 1 Cpei300 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2007-5311 | 1 Torrenttrader | 1 Torrenttrader | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter.
|
|||||
| CVE-2009-1624 | 1 Dew-code | 1 Dew-newphplinks | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter.
|
|||||
| CVE-2009-4216 | 1 Klinza | 1 Klinza Professional Cms | 2025-04-09 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter.
|
|||||
| CVE-2009-2325 | 1 Clicknet | 1 Clicknet Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.
|
|||||
| CVE-2009-1319 | 1 Guestcal | 1 Guest Cal | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php.
|
|||||
| CVE-2008-3600 | 1 Menalto | 1 Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.
|
|||||
| CVE-2008-5993 | 1 Barcodephp | 1 Barcodegen 1d | 2025-04-09 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter.
|
|||||
| CVE-2009-4154 | 1 Elxis | 1 Elxis Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2008-2352 | 1 Smeego | 1 Smeego | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie.
|
|||||