Total
7229 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0330 | 1 Wss-pro | 1 Scms | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. | |||||
CVE-2008-1884 | 1 Wikepage | 1 Opus | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to read arbitrary files via directory traversal sequences in the wiki parameter, a different vector than CVE-2006-4418. | |||||
CVE-2008-1281 | 1 Argontechnology | 1 Client Management Services | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
CVE-2008-3371 | 1 Talkback | 1 Talkback | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
CVE-2008-4243 | 1 Epic Games | 1 Unreal Tournament 3 | 2025-04-09 | 7.8 HIGH | N/A |
Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
CVE-2009-1523 | 1 Mortbay | 1 Jetty | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI. | |||||
CVE-2008-5989 | 1 Phpcounter | 1 Phpcounter | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. | |||||
CVE-2009-0423 | 1 Kevin Walker | 1 Php Photo Album | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter. | |||||
CVE-2007-4008 | 1 Entertainment Cms | 1 Entertainment Cms | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter. | |||||
CVE-2009-1779 | 1 Frax | 1 Php Recommend | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter. | |||||
CVE-2008-5856 | 1 Class | 1 Class | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter. | |||||
CVE-2006-5031 | 1 Cakephp | 1 Cakephp | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. | |||||
CVE-2008-6551 | 1 E-vision | 1 E-vision Cms | 2025-04-09 | 5.1 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart/addgame.php, (8) tour/adminpart/addtour.php, (9) articles/adminpart/addarticles.php, (10) product/adminpart/addproduct.php, or (11) plain/adminpart/addplain.php in modules/. | |||||
CVE-2008-2650 | 1 Cmsimple | 1 Cmsimple | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. | |||||
CVE-2007-6290 | 1 Iptel | 1 Serweb | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters. | |||||
CVE-2008-0745 | 1 Domphp | 1 Domphp | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
CVE-2008-4483 | 1 Crux Software | 1 Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
CVE-2009-0515 | 1 Yanocc | 1 Yanocc | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
CVE-2009-3694 | 1 Jdtmmsm | 1 Ezrecipe-zee | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter. | |||||
CVE-2008-0221 | 1 Gateway | 1 Weblaunch | 2025-04-09 | 9.3 HIGH | N/A |
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. |