Total: 8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-1138 | 1 Cromosoft | 1 Simple Plantilla Php | 2025-04-09 | 5.0 MEDIUM | N/A | Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter. |
| CVE-2007-6230 | 1 Rayzz | 1 Rayzz Script | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter. |
| CVE-2007-6552 | 1 Auracms | 1 Auracms | 2025-04-09 | 6.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. |
| CVE-2008-3385 | 1 Linuxwebshop | 1 Php Help Agent | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. |
| CVE-2008-4483 | 1 Crux Software | 1 Gallery | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. |
| CVE-2009-2546 | 1 Anelectron | 1 Advanced Electron Forum | 2025-04-09 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-0465 | 1 Seagullproject.org | 1 Seagull | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter. |
| CVE-2008-3384 | 1 Cce-interact | 1 Interact | 2025-04-09 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters. |
| CVE-2007-6612 | 1 Mongrel | 1 Mongrel | 2025-04-09 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e"). |
| CVE-2009-3318 | 2 Breedveld, Joomla | 2 Com Album, Joomla | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. |
| CVE-2008-5723 | 1 Cgi-rescue | 2 Kannibbs2000, Kannibbs2000i | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2008-2938 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. |
| CVE-2008-0405 | 1 Hfs | 1 Http File Server | 2025-04-09 | 10.0 HIGH | N/A | Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. |
| CVE-2009-1948 | 1 Unclassified | 1 Newsboard | 2025-04-09 | 5.1 MEDIUM | N/A | Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter. |
| CVE-2007-0700 | 1 Portail Web Php | 1 Portail Web Php | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1. |
| CVE-2008-6726 | 1 Cmscout | 1 Cmscout | 2025-04-09 | 6.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415. |
| CVE-2007-6508 | 1 Xecms | 1 Xecms | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter. |
| CVE-2008-0481 | 1 Web Wiz | 1 Rich Text Editor | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action. |
| CVE-2008-1624 | 1 Whorl Ltd | 1 Jshop Server | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter. |
| CVE-2009-1653 | 1 Tinybutstrong | 1 Tinybutstrong | 2025-04-09 | 7.8 HIGH | N/A | Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter. |
| CVE-2008-6336 | 1 Rightscripts | 1 Text Lines Rearrange Script | 2025-04-09 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter. |
| CVE-2008-6423 | 1 I-apps | 1 Passwiki | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter. |
| CVE-2006-5031 | 1 Cakephp | 1 Cakephp | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. |
| CVE-2009-4194 | 1 Kmint21 | 1 Golden Ftp Server | 2025-04-09 | 6.0 MEDIUM | 8.1 HIGH | Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information. |
| CVE-2007-5017 | 1 Yahoo | 1 Messenger | 2025-04-09 | 5.0 MEDIUM | N/A | Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. |
| CVE-2009-0680 | 1 Netgear | 1 Ssl312 | 2025-04-09 | 7.8 HIGH | N/A | cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. |
| CVE-2009-2116 | 1 Skybluecanvas | 1 Skybluecanvas | 2025-04-09 | 4.0 MEDIUM | N/A | Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter. |
| CVE-2009-2229 | 1 Kasseler-cms | 1 Kasseler Cms | 2025-04-09 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from third party information. |
| CVE-2008-0545 | 1 Bubbling Library | 1 Bubbling Library | 2025-04-09 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521. |
| CVE-2008-6271 | 1 Tbmnet | 1 Tbmnetcms | 2025-04-09 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter. |
| CVE-2007-6397 | 1 Flat Php | 1 Board | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action. |
| CVE-2007-4718 | 1 Claroline | 1 Claroline | 2025-04-09 | 5.1 MEDIUM | N/A | Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. |
| CVE-2008-5116 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 7.8 HIGH | N/A | Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter. |
| CVE-2007-6185 | 1 Eurologon | 1 Eurologon Cms | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials. |
| CVE-2008-2782 | 1 Otomigenx | 1 Otomigenx | 2025-04-09 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php. |
| CVE-2008-3371 | 1 Talkback | 1 Talkback | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. |
| CVE-2007-6323 | 1 Mms Gallery | 1 Mms Gallery Php | 2025-04-09 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/. |
| CVE-2009-0592 | 1 Pnphpbb | 1 Pnphpbb2 | 2025-04-09 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/. |
| CVE-2008-3071 | 1 Mybb | 1 Mybb | 2025-04-09 | 7.5 HIGH | N/A | Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. |
| CVE-2009-2161 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | 5.1 MEDIUM | N/A | Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name. |