Total
7024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3507 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter. | |||||
| CVE-2009-0340 | 1 Quirm | 1 Simple Php Newsletter | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php. | |||||
| CVE-2009-0286 | 1 Opengoo | 1 Opengoo | 2025-04-09 | 2.6 LOW | N/A |
| Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter. | |||||
| CVE-2008-3727 | 1 Microworld Technologies | 1 Mailscan | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2010-0012 | 3 Debian, Opensuse, Transmissionbt | 3 Debian Linux, Opensuse, Transmission | 2025-04-09 | 6.8 MEDIUM | 8.8 HIGH |
| Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file. | |||||
| CVE-2009-4435 | 1 Compmaster.prv.pl | 1 F3site | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php. | |||||
| CVE-2008-6926 | 2 Cpanel, Netenberg | 2 Cpanel, Fantastico De Luxe | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory. | |||||
| CVE-2008-0252 | 1 Cherrypy | 1 Cherrypy | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie. | |||||
| CVE-2008-0814 | 1 Truc | 1 Truc | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter. | |||||
| CVE-2008-0231 | 1 Tuned Studios | 7 Classic Theme, Endless, Freeze Theme and 4 more | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments. | |||||
| CVE-2007-5826 | 1 Edraw | 1 Flowchart Activex | 2025-04-09 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420. | |||||
| CVE-2007-5103 | 1 Wordsmith | 1 Wordsmith | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter. | |||||
| CVE-2009-1456 | 1 Stephane Rajalu | 1 Malleo | 2025-04-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2009-4434 | 1 Idevspot | 1 Isupport | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter. | |||||
| CVE-2008-3710 | 1 Hotscripts | 1 Cyboards Php Lite | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php and (c) process_edit_board.php in adminopts/. NOTE: some of these vectors might not be vulnerabilities under proper installation. | |||||
| CVE-2007-5776 | 1 Blue-collar Productions | 1 I-gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence. | |||||
| CVE-2008-2961 | 1 Cmsmini | 1 Cms Mini | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter. | |||||
| CVE-2008-2439 | 1 Trend Micro | 2 Officescan, Worry Free Business Security | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5831 | 1 Ssl-explorer | 1 Ssl-explorer | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2215 | 1 Pbcs | 1 Project-based Calendaring System | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php. | |||||