Total
7183 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5823 | 1 Scribe | 1 Scribe | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Register action. | |||||
| CVE-2009-2176 | 1 Fuzzylime | 1 Fuzzylime Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php. | |||||
| CVE-2008-0819 | 1 Plutostatus | 1 Plutostatus Locator | 2025-04-09 | 3.6 LOW | N/A |
| Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-6233 | 1 Ftp Admin | 1 Ftp Admin | 2025-04-09 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2007-5017 | 1 Yahoo | 1 Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. | |||||
| CVE-2007-5956 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-09 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. | |||||
| CVE-2006-7112 | 1 Maxdev | 1 Mdpro | 2025-04-09 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it. | |||||
| CVE-2008-4454 | 1 Mysql Quick Admin | 1 Mysql Quick Admin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0760 | 1 Safenet | 2 Sentinel Keys Server, Sentinel Protection Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483. | |||||
| CVE-2007-5731 | 1 Apache | 1 Jakarta Slide | 2025-04-09 | 3.5 LOW | N/A |
| Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461. | |||||
| CVE-2008-5819 | 1 Edreamers | 1 Ednews | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5515 | 1 Apache | 1 Tomcat | 2025-04-09 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | |||||
| CVE-2007-5821 | 1 Dm Guestbook | 1 Dm Guestbook | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or (c) auto/glob_new.php; or (2) the lngdefault parameter to auto/ch_lng.php. | |||||
| CVE-2008-5968 | 1 Phpicalendar | 1 Phpicalendar | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292. | |||||
| CVE-2009-1479 | 1 Boxalino | 1 Boxalino | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. | |||||
| CVE-2008-1861 | 1 Exbb | 1 Exbb Italia | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter. | |||||
| CVE-2008-5878 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the (1) boxname parameter to theme/superchrome/box.php and the (2) theme parameter to phpclanwebsite/footer.php. | |||||
| CVE-2008-2185 | 1 Toocharger | 1 Smartblog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1643 | 1 Landesk Software | 1 Landesk Management Suite | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2007-5776 | 1 Blue-collar Productions | 1 I-gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence. | |||||