Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1885 | 1 Cdnetworks | 1 Download Client | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2009-3583 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field. | |||||
| CVE-2007-4983 | 1 Cowon America | 1 Jetaudio | 2025-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call. | |||||
| CVE-2008-5771 | 1 Phpweather | 1 Phpweather | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
| CVE-2007-6086 | 1 Vigilecms | 1 Vigilecms | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter. | |||||
| CVE-2007-4471 | 1 Intuit | 1 Quickbooks | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-1856 | 1 Linpha | 1 Linpha | 2025-04-09 | 5.1 MEDIUM | N/A |
| plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration. | |||||
| CVE-2009-0880 | 2 Ibm, Microsoft | 2 Director, Windows | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. | |||||
| CVE-2008-5860 | 1 Constructr | 1 Constructr-cms | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter. | |||||
| CVE-2007-4031 | 1 Nessus | 1 Vulnerability Scanner | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. | |||||
| CVE-2008-4764 | 2 Extplorer, Joomla | 2 Com Extplorer, Joomla\! | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | |||||
| CVE-2007-1152 | 1 Pyrophobia | 1 Pyrophobia | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2116 | 1 Skybluecanvas | 1 Skybluecanvas | 2025-04-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter. | |||||
| CVE-2008-0405 | 1 Hfs | 1 Http File Server | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. | |||||
| CVE-2009-3318 | 2 Breedveld, Joomla | 2 Com Album, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. | |||||
| CVE-2007-4718 | 1 Claroline | 1 Claroline | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2006-6725 | 1 Phpbuilder | 1 Phpbuilder | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3936 | 1 A-shop | 1 A-shop | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter. | |||||
| CVE-2007-5017 | 1 Yahoo | 1 Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. | |||||
| CVE-2009-2600 | 1 Akiva | 1 Webboard | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. | |||||