Total
7027 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0946 | 1 Ipswitch | 2 Imserver, Instant Messaging | 2025-04-09 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. | |||||
| CVE-2008-0542 | 1 Gerd Tentler | 1 Simple Forum | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2006-7117 | 1 Kubix | 1 Kubix | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php. | |||||
| CVE-2008-3333 | 1 Mantis | 1 Mantis | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php). | |||||
| CVE-2009-0765 | 1 Bookelves | 1 Kipper | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter. | |||||
| CVE-2008-2399 | 2 Fireftp, Mozilla | 2 Fireftp, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2009-2557 | 1 Adminnewstools | 1 Admin News Tools | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter. | |||||
| CVE-2009-3787 | 1 Vivvo | 1 Vivvo | 2025-04-09 | 5.0 MEDIUM | N/A |
| files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence. | |||||
| CVE-2008-1169 | 1 Simm-comm | 1 Sci Photo Chat | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command. | |||||
| CVE-2009-2176 | 1 Fuzzylime | 1 Fuzzylime Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php. | |||||
| CVE-2009-2223 | 1 Teozkr | 1 Lightopencms | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible. | |||||
| CVE-2007-5685 | 1 Serverkit | 1 Shttp | 2025-04-09 | 5.0 MEDIUM | N/A |
| The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree. | |||||
| CVE-2008-2073 | 1 Virtual Design Studios | 1 Vlbook | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. | |||||
| CVE-2008-4490 | 1 Phpabook | 1 Phpabook | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie. | |||||
| CVE-2008-6288 | 1 Interface-medien | 1 Ibase | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2007-4471 | 1 Intuit | 1 Quickbooks | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-4759 | 1 Buzzscripts | 1 Buzzywall | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter. | |||||
| CVE-2008-4702 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php. | |||||
| CVE-2009-4088 | 1 Telepark | 1 Telepark.wiki | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php. | |||||
| CVE-2008-1798 | 1 Dragoon | 1 Dragoon | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter. | |||||