Vulnerabilities (CVE)

Filtered by CWE-22
Total 7229 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0330 1 Wss-pro 1 Scms 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
CVE-2008-1884 1 Wikepage 1 Opus 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to read arbitrary files via directory traversal sequences in the wiki parameter, a different vector than CVE-2006-4418.
CVE-2008-1281 1 Argontechnology 1 Client Management Services 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2008-3371 1 Talkback 1 Talkback 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
CVE-2008-4243 1 Epic Games 1 Unreal Tournament 3 2025-04-09 7.8 HIGH N/A
Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2009-1523 1 Mortbay 1 Jetty 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
CVE-2008-5989 1 Phpcounter 1 Phpcounter 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
CVE-2009-0423 1 Kevin Walker 1 Php Photo Album 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter.
CVE-2007-4008 1 Entertainment Cms 1 Entertainment Cms 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.
CVE-2009-1779 1 Frax 1 Php Recommend 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter.
CVE-2008-5856 1 Class 1 Class 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.
CVE-2006-5031 1 Cakephp 1 Cakephp 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
CVE-2008-6551 1 E-vision 1 E-vision Cms 2025-04-09 5.1 MEDIUM N/A
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart/addgame.php, (8) tour/adminpart/addtour.php, (9) articles/adminpart/addarticles.php, (10) product/adminpart/addproduct.php, or (11) plain/adminpart/addplain.php in modules/.
CVE-2008-2650 1 Cmsimple 1 Cmsimple 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
CVE-2007-6290 1 Iptel 1 Serweb 2025-04-09 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters.
CVE-2008-0745 1 Domphp 1 Domphp 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-4483 1 Crux Software 1 Gallery 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
CVE-2009-0515 1 Yanocc 1 Yanocc 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2009-3694 1 Jdtmmsm 1 Ezrecipe-zee 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter.
CVE-2008-0221 1 Gateway 1 Weblaunch 2025-04-09 9.3 HIGH N/A
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.