Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4962 | 1 Winimage | 1 Winimage | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-4626 | 1 Zirkon Box | 1 Yappa-ng | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter. | |||||
| CVE-2008-5116 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter. | |||||
| CVE-2008-1324 | 1 Leinir | 1 Travelsized Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters. NOTE: this might be the same issue as CVE-2008-1325. | |||||
| CVE-2007-6368 | 1 Ezcontents | 1 Ezcontents | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter. | |||||
| CVE-2007-6400 | 1 Poldoc | 1 Poldoc Document Management System | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter. | |||||
| CVE-2009-2132 | 1 4homepages | 1 4images | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. | |||||
| CVE-2009-3149 | 1 Curveriderhq | 1 Elgg | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4756 | 1 Ghisler | 1 Total Commander | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-4471 | 1 Autodesk | 3 Design Review, Dwf Viewer, Revit Architecture | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method. | |||||
| CVE-2009-4216 | 1 Klinza | 1 Klinza Professional Cms | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter. | |||||
| CVE-2008-4068 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. | |||||
| CVE-2009-1246 | 1 Blogplus | 1 Blogplus | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] parameter to (5) includes/window_down.php and (6) includes/window_top.php. | |||||
| CVE-2009-3824 | 1 Michael J Greenwood | 1 Php Content Manager | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter. | |||||
| CVE-2008-2459 | 1 Entertainmentscript | 1 Entertainmentscript | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in page.php in EntertainmentScript 1.4.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2007-4585 | 1 2532gigs | 1 2532gigs | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2009-3702 | 1 Php-calendar | 1 Php-calendar | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-2795 | 1 Idm Computer Solutions Inc | 1 Ultraedit | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\ (dot dot backslash) in a response to a LIST command. | |||||
| CVE-2008-5861 | 1 Freelyrics | 1 Freelyrics | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3195 | 1 Twiki | 1 Twiki | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors. | |||||