Total
7161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4088 | 1 Telepark | 1 Telepark.wiki | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php. | |||||
| CVE-2008-3163 | 1 Regretless | 1 Dodos Mail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1765 | 1 Pluck-cms | 1 Pluck | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194. | |||||
| CVE-2008-1169 | 1 Simm-comm | 1 Sci Photo Chat | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command. | |||||
| CVE-2007-6552 | 1 Auracms | 1 Auracms | 2025-04-09 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. | |||||
| CVE-2007-4842 | 1 Enriva Development | 1 Magellan Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2009-2557 | 1 Adminnewstools | 1 Admin News Tools | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter. | |||||
| CVE-2007-4683 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. | |||||
| CVE-2008-4764 | 2 Extplorer, Joomla | 2 Com Extplorer, Joomla\! | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | |||||
| CVE-2008-4632 | 1 Kure | 1 Kure | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters. | |||||
| CVE-2008-1000 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | |||||
| CVE-2009-0886 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter. | |||||
| CVE-2008-5587 | 1 Phppgadmin | 1 Phppgadmin | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php. | |||||
| CVE-2008-3568 | 1 Unak | 1 Unak-cms | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1. | |||||
| CVE-2007-3967 | 1 Dirlist | 1 Dirlist Php | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parameter. | |||||
| CVE-2009-4192 | 1 Interspire | 1 Knowledge Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1222 | 1 Webedition | 1 Webedition | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter. | |||||
| CVE-2008-0480 | 1 Web Wiz | 1 Web Wiz Forums | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp. | |||||
| CVE-2006-5149 | 1 Openbiblio | 1 Openbiblio | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php. | |||||
| CVE-2009-4194 | 1 Kmint21 | 1 Golden Ftp Server | 2025-04-09 | 6.0 MEDIUM | 8.1 HIGH |
| Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information. | |||||