Total
7027 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4626 | 1 Zirkon Box | 1 Yappa-ng | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter. | |||||
| CVE-2008-3163 | 1 Regretless | 1 Dodos Mail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5815 | 1 Sonicwall | 2 Ssl Vpn2000\/4000, Ssl Vpn 200 | 2025-04-09 | 10.0 HIGH | N/A |
| Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. | |||||
| CVE-2009-4261 | 1 Roman Marxer | 1 Ganeti | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." | |||||
| CVE-2009-3823 | 1 Ac4p | 1 Mobilelib Gold | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter. | |||||
| CVE-2008-5209 | 1 Admidio | 1 Admidio | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-4155 | 1 Easybrik | 1 Easysite | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php. | |||||
| CVE-2008-3593 | 1 Syzygycms | 1 Syzygycms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-6215 | 1 Web-meetme | 1 Web-meetme | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter. | |||||
| CVE-2008-6877 | 1 Zen Cart | 1 Zen Cart | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths. | |||||
| CVE-2007-1152 | 1 Pyrophobia | 1 Pyrophobia | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5782 | 1 Fireconfig | 1 Fireconfig | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-0332 | 1 Aria | 1 Aria | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2007-4545 | 1 X-diesel | 1 Unreal Commander | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive. | |||||
| CVE-2009-2659 | 1 Django Project | 1 Django | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. | |||||
| CVE-2007-0893 | 1 Matthieu Aubry | 1 Phpmyvisites | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. | |||||
| CVE-2009-4216 | 1 Klinza | 1 Klinza Professional Cms | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter. | |||||
| CVE-2006-5149 | 1 Openbiblio | 1 Openbiblio | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php. | |||||
| CVE-2008-0091 | 1 Agency4net | 1 Webftp | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-6604 | 1 Xcms | 1 Xcms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/. | |||||