Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0271 | 1 Fujitsu | 1 Systemcastwizard Lite | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the TFTP service in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors. | |||||
| CVE-2007-5685 | 1 Serverkit | 1 Shttp | 2025-04-09 | 5.0 MEDIUM | N/A |
| The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree. | |||||
| CVE-2008-0459 | 1 Liquidsilvercms | 1 Liquidsilvercms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter. | |||||
| CVE-2009-2792 | 1 Joshua Oliver | 1 Really Simple Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter. | |||||
| CVE-2008-4425 | 1 Phlatline | 1 Personal Information Manager | 2025-04-09 | 8.8 HIGH | N/A |
| Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action. | |||||
| CVE-2009-4192 | 1 Interspire | 1 Knowledge Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3851 | 2 Microsoft, Pluck | 2 Windows, Pluck | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194. | |||||
| CVE-2009-2557 | 1 Adminnewstools | 1 Admin News Tools | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter. | |||||
| CVE-2008-1635 | 1 Raven Php Scripts | 1 Keep It Simple Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected. | |||||
| CVE-2008-2695 | 1 Phpinv | 1 Phpinv | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||||
| CVE-2007-6397 | 1 Flat Php | 1 Board | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action. | |||||
| CVE-2007-6290 | 1 Iptel | 1 Serweb | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters. | |||||
| CVE-2007-6651 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter. | |||||
| CVE-2009-3123 | 1 Visavi | 1 Wap-motor | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter. | |||||
| CVE-2008-1885 | 1 Cdnetworks | 1 Download Client | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2009-3583 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field. | |||||
| CVE-2007-4983 | 1 Cowon America | 1 Jetaudio | 2025-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call. | |||||
| CVE-2008-5771 | 1 Phpweather | 1 Phpweather | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
| CVE-2007-6086 | 1 Vigilecms | 1 Vigilecms | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter. | |||||
| CVE-2007-4471 | 1 Intuit | 1 Quickbooks | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||