Total
7028 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1861 | 1 Exbb | 1 Exbb Italia | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter. | |||||
| CVE-2008-1352 | 1 Hangzhou Network Technology Development | 1 Ediorcms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the _SearchTemplate parameter during a Title search. | |||||
| CVE-2008-4741 | 1 Far-php | 1 Far-php | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. | |||||
| CVE-2008-0905 | 1 Meo | 1 Globsy | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-5915 | 1 Phphelpdesk | 1 Phphelpdesk | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter. | |||||
| CVE-2009-3151 | 1 Ultrize | 1 Timesheet | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. | |||||
| CVE-2007-6623 | 1 Zeuscms | 1 Zeuscms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter. | |||||
| CVE-2009-0448 | 1 Syntax Desktop | 1 Syntax Desktop | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/modules/aa/preview.php in Syntax Desktop 2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the synTarget parameter. | |||||
| CVE-2008-5204 | 1 Poweraward | 1 Poweraward | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php. | |||||
| CVE-2007-5306 | 1 Yannick Tanguy | 1 Else If Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php. | |||||
| CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | |||||
| CVE-2008-1891 | 1 Ruby-lang | 1 Ruby | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. | |||||
| CVE-2007-0700 | 1 Portail Web Php | 1 Portail Web Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1. | |||||
| CVE-2008-6410 | 1 Brian Wilson | 1 Ol\'bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | |||||
| CVE-2008-6933 | 1 Minigal | 1 Minigal | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. (dot dot) in the list parameter. | |||||
| CVE-2008-5991 | 2 Mailscanner, Mailwatch | 2 Mailscanner, Mailwatch | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter. | |||||
| CVE-2008-1512 | 1 Phpbb | 1 Module Xs | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6901 | 1 2532gigs | 1 2532gigs | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585. | |||||
| CVE-2008-6129 | 1 Mozilo | 1 Mozilowiki | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-0205 | 1 Alexphpteam | 1 Alex Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php. | |||||