Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2495 | 1 Pancake | 1 Zina | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to have an unknown impact via a .. (dot dot) in the p parameter. | |||||
| CVE-2007-5465 | 1 Mydoop | 1 Doop Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component. | |||||
| CVE-2009-0457 | 1 Magtrb | 1 Aja Portal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module. | |||||
| CVE-2008-4361 | 1 Powerportal | 1 Powerportal | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI. | |||||
| CVE-2008-6786 | 1 Codewiz | 1 Geekigeeki | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in geekigeeki.py in GeekiGeeki before 3.0 allow remote attackers to read arbitrary files via directory traversal sequences in a pagename argument in the (1) handle_edit and (2) handle_raw functions. | |||||
| CVE-2008-4455 | 1 Mysql Quick Admin | 1 Mysql Quick Admin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie. | |||||
| CVE-2007-5069 | 1 Massimo Chioni | 1 Mobile Entertainment Module | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter. | |||||
| CVE-2009-4053 | 1 Home Ftp Server Project | 1 Home Ftp Server | 2025-04-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2665 | 1 Php | 1 Php | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run. | |||||
| CVE-2007-5103 | 1 Wordsmith | 1 Wordsmith | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter. | |||||
| CVE-2008-0091 | 1 Agency4net | 1 Webftp | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-1301 | 1 Alkacon | 1 Opencms | 2025-04-09 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter. | |||||
| CVE-2009-1743 | 1 Pinnaclesys | 2 Pinnacle Hollywood Effects, Pinnacle Studio | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file. NOTE: this can be leveraged for code execution by decompressing a file to a Startup folder. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1847 | 1 Easypx41 | 1 Easy Px 41 Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fiche parameter. | |||||
| CVE-2009-0680 | 1 Netgear | 1 Ssl312 | 2025-04-09 | 7.8 HIGH | N/A |
| cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. | |||||
| CVE-2008-1751 | 1 Ksemail | 1 Ksemail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters. | |||||
| CVE-2008-6177 | 1 Publicwarehouse | 1 Lightblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php, and the (3) Lightblog_username cookie parameter to check_user.php. | |||||
| CVE-2008-4519 | 1 Fastpublish | 1 Fastpublish Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php. | |||||
| CVE-2009-3787 | 1 Vivvo | 1 Vivvo | 2025-04-09 | 5.0 MEDIUM | N/A |
| files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence. | |||||
| CVE-2008-1221 | 1 Microworld Technologies | 3 Escan, Escan Management Console, Escan Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command. | |||||