Total
8102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3515 | 1 Marcin Manek | 1 D.net Cms | 2025-04-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter. | |||||
| CVE-2009-1948 | 1 Unclassified | 1 Newsboard | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter. | |||||
| CVE-2008-0140 | 1 Uebimiau | 1 Webmail | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. | |||||
| CVE-2008-6313 | 1 Phpaddedit | 1 Phpaddedit | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely. | |||||
| CVE-2008-0782 | 1 Moinmoin | 1 Moinmoin | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. | |||||
| CVE-2008-5201 | 1 Otmanager | 1 Otmanager Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-1751 | 1 Ksemail | 1 Ksemail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters. | |||||
| CVE-2009-0753 | 1 Mldonkey | 1 Mldonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename. | |||||
| CVE-2008-3293 | 1 Ezwebalbum | 1 Ezwebalbum | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter. | |||||
| CVE-2008-1620 | 1 2x | 1 Thinclientserver | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename. | |||||
| CVE-2007-6582 | 1 C97net | 1 Mblog | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action. | |||||
| CVE-2009-1774 | 1 Strawberry | 1 Strawberry | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3507 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter. | |||||
| CVE-2007-1773 | 1 Unverse.net | 1 Abitwhizzy | 2025-04-09 | 2.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384. | |||||
| CVE-2008-1281 | 1 Argontechnology | 1 Client Management Services | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2008-5943 | 1 Navboard | 1 Navboard | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to (1) admin_modules.php and (2) modules.php. | |||||
| CVE-2009-4116 | 1 Cutephp | 1 Cutenews | 2025-04-09 | 3.5 LOW | N/A |
| Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files. | |||||
| CVE-2008-6843 | 2 Cpanel, Netenberg | 2 Cpanel, Fantastico De Luxe | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter. | |||||
| CVE-2009-0932 | 1 Debian | 2 Horde, Horde Groupware | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. | |||||
| CVE-2007-5306 | 1 Yannick Tanguy | 1 Else If Cms | 2025-04-09 | 5.0 MEDIUM | N/A |
| ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php. | |||||