Total
7261 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1152 | 1 Pyrophobia | 1 Pyrophobia | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-5915 | 1 Phphelpdesk | 1 Phphelpdesk | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter. | |||||
CVE-2009-2166 | 2 Ocsinventory-ng, Unix | 2 Ocs Inventory Ng, Unix | 2025-04-09 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter. | |||||
CVE-2009-2112 | 1 Frank-karau | 1 Phpfk | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter. | |||||
CVE-2008-0361 | 1 Instituto Politicnico Nacional | 1 Gradman | 2025-04-09 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter. | |||||
CVE-2008-3939 | 1 Avtech | 1 Pager Enterprise | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | |||||
CVE-2008-2779 | 1 Globalscape | 1 Cuteftp | 2025-04-09 | 9.3 HIGH | N/A |
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
CVE-2009-1774 | 1 Strawberry | 1 Strawberry | 2025-04-09 | 9.3 HIGH | N/A |
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-1571 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | |||||
CVE-2008-1310 | 1 Packettrap | 1 Pt360 Tool Suite | 2025-04-09 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname. | |||||
CVE-2008-6522 | 1 Devraj Mukherjee | 1 Openterracotta | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php. | |||||
CVE-2007-1143 | 1 Jeunes-webmasters | 1 J-web Pics Navigator | 2025-04-09 | 7.8 HIGH | N/A |
Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
CVE-2008-2353 | 1 Gnugallery | 1 Gnugallery | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | |||||
CVE-2009-2923 | 1 Bitmixsoft | 1 Php-lance | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php. | |||||
CVE-2008-3150 | 1 Neutrino-cms | 1 Atomic Edition | 2025-04-09 | 10.0 HIGH | N/A |
Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php. | |||||
CVE-2008-5301 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name. | |||||
CVE-2008-4875 | 1 Philips Electronics | 1 Voip841 Dect Phone | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password. | |||||
CVE-2008-6089 | 1 Scriptsez | 1 Easy Image Downloader | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action. | |||||
CVE-2009-3898 | 2 F5, Nginx | 2 Nginx, Nginx | 2025-04-09 | 4.9 MEDIUM | N/A |
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. | |||||
CVE-2009-2379 | 1 Bigace | 1 Bigace Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. |