Total
7439 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3366 | 1 Plohni | 1 An Image Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter. | |||||
| CVE-2007-4641 | 1 Pakupaku | 1 Pakupaku Cms | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file. | |||||
| CVE-2008-5948 | 1 Bncwi | 1 Bncwi | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter. | |||||
| CVE-2009-2229 | 1 Kasseler-cms | 1 Kasseler Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5320 | 1 Pegasus Imaging | 1 Imagxpress | 2025-04-09 | 4.0 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll). | |||||
| CVE-2007-5620 | 1 Zehnet | 1 Zz Flashchat | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-4626 | 1 Zirkon Box | 1 Yappa-ng | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter. | |||||
| CVE-2008-3163 | 1 Regretless | 1 Dodos Mail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5815 | 1 Sonicwall | 2 Ssl Vpn2000\/4000, Ssl Vpn 200 | 2025-04-09 | 10.0 HIGH | N/A |
| Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. | |||||
| CVE-2009-4261 | 1 Roman Marxer | 1 Ganeti | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." | |||||
| CVE-2009-3823 | 1 Ac4p | 1 Mobilelib Gold | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter. | |||||
| CVE-2008-5209 | 1 Admidio | 1 Admidio | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-4155 | 1 Easybrik | 1 Easysite | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php. | |||||
| CVE-2008-3593 | 1 Syzygycms | 1 Syzygycms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-6215 | 1 Web-meetme | 1 Web-meetme | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter. | |||||
| CVE-2008-6877 | 1 Zen Cart | 1 Zen Cart | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths. | |||||
| CVE-2007-1152 | 1 Pyrophobia | 1 Pyrophobia | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5782 | 1 Fireconfig | 1 Fireconfig | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-0332 | 1 Aria | 1 Aria | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2007-4545 | 1 X-diesel | 1 Unreal Commander | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive. | |||||