Total
7261 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6224 | 1 Samelinux | 1 Way Of The Warrior | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter. | |||||
CVE-2009-1031 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-09 | 7.8 HIGH | N/A |
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request. | |||||
CVE-2008-0405 | 1 Hfs | 1 Http File Server | 2025-04-09 | 10.0 HIGH | N/A |
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. | |||||
CVE-2007-6672 | 1 Mortbay Jetty | 1 Jetty | 2025-04-09 | 5.0 MEDIUM | N/A |
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI. | |||||
CVE-2008-5518 | 2 Apache, Microsoft | 2 Geronimo, Windows | 2025-04-09 | 9.4 HIGH | N/A |
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet. | |||||
CVE-2007-0893 | 1 Matthieu Aubry | 1 Phpmyvisites | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. | |||||
CVE-2008-0435 | 1 Ozjournals | 1 Ozjournals | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action. | |||||
CVE-2007-5674 | 1 Instaguide | 1 Weather | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter. | |||||
CVE-2008-6083 | 1 Txtshop | 1 Txtshop | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
CVE-2008-6735 | 1 Thaiquickcart | 1 Thaiquickcart | 2025-04-09 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie. | |||||
CVE-2008-2017 | 1 Chilkat Software | 1 Chicomas | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/. | |||||
CVE-2008-6786 | 1 Codewiz | 1 Geekigeeki | 2025-04-09 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in geekigeeki.py in GeekiGeeki before 3.0 allow remote attackers to read arbitrary files via directory traversal sequences in a pagename argument in the (1) handle_edit and (2) handle_raw functions. | |||||
CVE-2009-1406 | 1 Sweetphp | 1 Totalcalendar | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter. | |||||
CVE-2009-4056 | 1 Betsy | 1 Betsy Cms | 2025-04-09 | 7.5 HIGH | N/A |
Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter. | |||||
CVE-2008-3385 | 1 Linuxwebshop | 1 Php Help Agent | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
CVE-2008-6265 | 1 Cyberfolio | 1 Cyberfolio | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
CVE-2008-4913 | 1 Lokicms | 1 Lokicms | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. | |||||
CVE-2008-2985 | 1 Cmreams | 1 Cmreams Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter. | |||||
CVE-2008-6290 | 1 Niclor | 1 Include Sito | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter. | |||||
CVE-2008-6172 | 2 Joomla, Weberr | 2 Joomla, Rwcards | 2025-04-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. |