Total
7022 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5031 | 1 Cakephp | 1 Cakephp | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. | |||||
| CVE-2008-6551 | 1 E-vision | 1 E-vision Cms | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart/addgame.php, (8) tour/adminpart/addtour.php, (9) articles/adminpart/addarticles.php, (10) product/adminpart/addproduct.php, or (11) plain/adminpart/addplain.php in modules/. | |||||
| CVE-2008-2650 | 1 Cmsimple | 1 Cmsimple | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. | |||||
| CVE-2007-6290 | 1 Iptel | 1 Serweb | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters. | |||||
| CVE-2008-0745 | 1 Domphp | 1 Domphp | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-4483 | 1 Crux Software | 1 Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
| CVE-2009-0515 | 1 Yanocc | 1 Yanocc | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2009-3694 | 1 Jdtmmsm | 1 Ezrecipe-zee | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter. | |||||
| CVE-2008-0221 | 1 Gateway | 1 Weblaunch | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2534 | 1 Fkrauthan | 1 Phoenix View Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter. | |||||
| CVE-2008-6089 | 1 Scriptsez | 1 Easy Image Downloader | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action. | |||||
| CVE-2008-4519 | 1 Fastpublish | 1 Fastpublish Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php. | |||||
| CVE-2007-4457 | 1 Florian Mahieu | 1 Dalai Forum | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter. | |||||
| CVE-2008-3036 | 1 Cms Little | 1 Cms Little | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter. | |||||
| CVE-2009-1748 | 1 Joost Horward | 1 Catviz | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter. | |||||
| CVE-2008-6726 | 1 Cmscout | 1 Cmscout | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415. | |||||
| CVE-2008-3296 | 1 Xoops | 1 Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1555 | 1 Bolinos | 1 Bolinos | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _bFileToInclude parameter. | |||||
| CVE-2009-3538 | 1 Allisclear | 1 Clear Content | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5418 | 2 Justin Roy, Punbb | 2 Punportal Module, Punbb | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | |||||