Total
7439 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4895 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter. | |||||
| CVE-2008-1221 | 1 Microworld Technologies | 3 Escan, Escan Management Console, Escan Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command. | |||||
| CVE-2007-6317 | 1 Real Time Logic | 2 Barracudadrive Web Server, Barracudadrive Web Server Home Server | 2025-04-09 | 5.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/. | |||||
| CVE-2009-2313 | 1 Jinzora | 1 Jinzora | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. | |||||
| CVE-2008-4667 | 1 Arabcms | 1 Arabcms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter. | |||||
| CVE-2008-4740 | 1 Tinycms | 1 Tinycms | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template] parameter. | |||||
| CVE-2009-0331 | 1 Quirm | 1 Espg | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG. | |||||
| CVE-2009-2265 | 1 Fckeditor | 1 Fckeditor | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory. | |||||
| CVE-2008-6659 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php. | |||||
| CVE-2008-5658 | 1 Php | 1 Php | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. | |||||
| CVE-2009-2787 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | |||||
| CVE-2008-5570 | 1 Php Multiple Newsletters | 1 Php Multiple Newsletters | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2008-5748 | 1 Bloofox | 1 Bloofoxcms | 2025-04-09 | 4.3 MEDIUM | 8.1 HIGH |
| Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | |||||
| CVE-2007-6582 | 1 C97net | 1 Mblog | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action. | |||||
| CVE-2008-6083 | 1 Txtshop | 1 Txtshop | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2008-3192 | 1 Sclek | 1 Jsite | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2008-0758 | 1 Group Logic | 2 Extremez-ip File Server, Extremez-ip Print Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename. | |||||
| CVE-2008-0840 | 1 Publicwarehouse | 1 Lightblog | 2025-04-09 | 4.4 MEDIUM | N/A |
| Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter. | |||||
| CVE-2008-2976 | 1 Tinx Cms | 1 Tinx Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php. | |||||
| CVE-2008-2818 | 1 Easy-clanpage | 1 Easy-clanpage | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the section parameter to the default URI. | |||||