Total
7229 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2961 | 1 Cmsmini | 1 Cms Mini | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter. | |||||
CVE-2008-2439 | 1 Trend Micro | 2 Officescan, Worry Free Business Security | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-5831 | 1 Ssl-explorer | 1 Ssl-explorer | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2215 | 1 Pbcs | 1 Project-based Calendaring System | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php. | |||||
CVE-2008-4437 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.1 HIGH | N/A |
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element. | |||||
CVE-2009-2923 | 1 Bitmixsoft | 1 Php-lance | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php. | |||||
CVE-2008-7240 | 1 Linuxwebshop | 1 Php User Base | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter. | |||||
CVE-2008-4718 | 1 X7 Group | 1 X7 Chat | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156. | |||||
CVE-2008-1857 | 1 Mole | 1 Make Our Life Easy | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters. | |||||
CVE-2009-4512 | 1 Indymedia | 1 Oscailt | 2025-04-09 | 5.1 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter. | |||||
CVE-2008-5639 | 1 Txtblogcms | 1 Txtblog | 2025-04-09 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter. | |||||
CVE-2008-0923 | 1 Vmware | 5 Ace, Player, Vmware Player and 2 more | 2025-04-09 | 6.9 MEDIUM | N/A |
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. | |||||
CVE-2007-6188 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2025-04-09 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php. | |||||
CVE-2008-2350 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. | |||||
CVE-2008-2045 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-09 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory. | |||||
CVE-2008-3179 | 1 W2b | 1 Phpdatingclub | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
CVE-2008-3555 | 1 Wsn | 4 Forum, Gallery, Knowledge Base and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. | |||||
CVE-2008-6018 | 1 Myphpsite | 1 Myphpsite | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. | |||||
CVE-2009-3702 | 1 Php-calendar | 1 Php-calendar | 2025-04-09 | 7.5 HIGH | N/A |
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
CVE-2008-4425 | 1 Phlatline | 1 Personal Information Manager | 2025-04-09 | 8.8 HIGH | N/A |
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action. |