Total
8532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1737 | 1 Diqiye | 1 Mypic | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2008-1000 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | |||||
| CVE-2007-4982 | 1 Mw6 Technologies | 1 Qrcode Activex | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2222 | 1 Php.s3 | 1 Php-i-board | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail. | |||||
| CVE-2008-0459 | 1 Liquidsilvercms | 1 Liquidsilvercms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter. | |||||
| CVE-2008-6334 | 1 Emetrix | 1 Extract Website | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2008-0742 | 1 Powerscripts | 1 Powernews | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators. | |||||
| CVE-2009-2037 | 1 Onlinegrades | 1 Online Grades | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php. | |||||
| CVE-2008-5943 | 1 Navboard | 1 Navboard | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to (1) admin_modules.php and (2) modules.php. | |||||
| CVE-2008-4151 | 1 Cyask | 1 Cyask | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter. | |||||
| CVE-2008-3677 | 1 Openfreeway | 1 Freeway | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors. | |||||
| CVE-2008-2116 | 1 Scriptsez | 1 Power Editor | 2025-04-09 | 4.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action. | |||||
| CVE-2008-2415 | 1 Digitalhive | 1 Digitalhive | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in template/purpletech/base_include.php in DigitalHive (aka hive) 2.0 RC2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-6651 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter. | |||||
| CVE-2008-5771 | 1 Phpweather | 1 Phpweather | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
| CVE-2008-0184 | 1 Prenotazioni On Line | 1 Syshotel On Line System | 2025-04-09 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. | |||||
| CVE-2009-4426 | 1 Launchpad | 1 Ignition | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php. | |||||
| CVE-2008-0479 | 1 Web Wiz | 1 Newspad | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter. | |||||
| CVE-2008-7055 | 1 Visualshapers | 1 Ezcontents | 2025-04-09 | 5.1 MEDIUM | N/A |
| module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function. | |||||
| CVE-2007-5742 | 1 Wesnoth | 1 Wesnoth | 2025-04-09 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. | |||||