Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5110 | 1 Eb Design Pty Ltd | 1 Ebcrypt | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4499 | 1 Php Web Explorer | 1 Php Web Explorer Lite | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php. | |||||
| CVE-2009-0291 | 1 Openx | 1 Openx | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter. | |||||
| CVE-2008-4187 | 1 Proactive Cms | 1 Proactive Cms | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2008-3296 | 1 Xoops | 1 Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3555 | 1 Wsn | 4 Forum, Gallery, Knowledge Base and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. | |||||
| CVE-2007-6672 | 1 Mortbay Jetty | 1 Jetty | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI. | |||||
| CVE-2009-2223 | 1 Teozkr | 1 Lightopencms | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible. | |||||
| CVE-2009-2224 | 1 An Guestbook | 1 An Guestbook | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter. | |||||
| CVE-2007-4134 | 1 Redhat | 1 Fedora | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. | |||||
| CVE-2008-5856 | 1 Class | 1 Class | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter. | |||||
| CVE-2007-5915 | 1 Phphelpdesk | 1 Phphelpdesk | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter. | |||||
| CVE-2009-2258 | 1 Netgear | 2 Dg632, Dg632 Firmware | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. | |||||
| CVE-2009-2275 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter. | |||||
| CVE-2008-1409 | 1 Exero | 1 Exero Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php. | |||||
| CVE-2008-3312 | 1 Lemoncms | 1 Lemon Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor. | |||||
| CVE-2008-0393 | 1 Gradman | 1 Gradman | 2025-04-09 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361. | |||||
| CVE-2008-2938 | 1 Apache | 1 Tomcat | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. | |||||
| CVE-2009-4449 | 1 Mybboard | 1 Mybb | 2025-04-09 | 6.3 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php. | |||||
| CVE-2008-0813 | 1 Xpweb | 1 Xpweb | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. | |||||