Vulnerabilities (CVE)

Filtered by CWE-22
Total 7261 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6224 1 Samelinux 1 Way Of The Warrior 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter.
CVE-2009-1031 1 Solarwinds 1 Serv-u File Server 2025-04-09 7.8 HIGH N/A
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.
CVE-2008-0405 1 Hfs 1 Http File Server 2025-04-09 10.0 HIGH N/A
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
CVE-2007-6672 1 Mortbay Jetty 1 Jetty 2025-04-09 5.0 MEDIUM N/A
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
CVE-2008-5518 2 Apache, Microsoft 2 Geronimo, Windows 2025-04-09 9.4 HIGH N/A
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet.
CVE-2007-0893 1 Matthieu Aubry 1 Phpmyvisites 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.
CVE-2008-0435 1 Ozjournals 1 Ozjournals 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
CVE-2007-5674 1 Instaguide 1 Weather 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter.
CVE-2008-6083 1 Txtshop 1 Txtshop 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2008-6735 1 Thaiquickcart 1 Thaiquickcart 2025-04-09 5.8 MEDIUM N/A
Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.
CVE-2008-2017 1 Chilkat Software 1 Chicomas 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/.
CVE-2008-6786 1 Codewiz 1 Geekigeeki 2025-04-09 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in geekigeeki.py in GeekiGeeki before 3.0 allow remote attackers to read arbitrary files via directory traversal sequences in a pagename argument in the (1) handle_edit and (2) handle_raw functions.
CVE-2009-1406 1 Sweetphp 1 Totalcalendar 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
CVE-2009-4056 1 Betsy 1 Betsy Cms 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter.
CVE-2008-3385 1 Linuxwebshop 1 Php Help Agent 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-6265 1 Cyberfolio 1 Cyberfolio 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
CVE-2008-4913 1 Lokicms 1 Lokicms 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
CVE-2008-2985 1 Cmreams 1 Cmreams Cms 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter.
CVE-2008-6290 1 Niclor 1 Include Sito 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter.
CVE-2008-6172 2 Joomla, Weberr 2 Joomla, Rwcards 2025-04-09 6.8 MEDIUM N/A
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.