Total
8104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3625 | 1 Sahana | 1 Sahana | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2009-1222 | 1 Webedition | 1 Webedition | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter. | |||||
| CVE-2009-3825 | 1 Thomas Graber | 1 Gencms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php. | |||||
| CVE-2008-0798 | 1 Artmedic Webdesign | 1 Artmedic Weblog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to artmedic_print.php. | |||||
| CVE-2009-4374 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. | |||||
| CVE-2008-5881 | 1 Playsms | 1 Playsms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to plugin/themes/default/init.php. | |||||
| CVE-2006-6047 | 1 Etomite | 1 Etomite | 2025-04-09 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | |||||
| CVE-2008-0742 | 1 Powerscripts | 1 Powernews | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators. | |||||
| CVE-2008-5579 | 1 Mini-pub | 1 Mini-pub | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter. | |||||
| CVE-2008-4330 | 1 Lansuite | 1 Lansuite | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter. | |||||
| CVE-2008-1125 | 1 Podcast Generator | 1 Podcast Generator | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php. | |||||
| CVE-2007-5110 | 1 Eb Design Pty Ltd | 1 Ebcrypt | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | |||||
| CVE-2008-5723 | 1 Cgi-rescue | 2 Kannibbs2000, Kannibbs2000i | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2008-6592 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2025-04-09 | 7.5 HIGH | N/A |
| thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). | |||||
| CVE-2008-5204 | 1 Poweraward | 1 Poweraward | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php. | |||||
| CVE-2009-0515 | 1 Yanocc | 1 Yanocc | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in check_lang.php in Yet Another NOCC (YANOCC) 0.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2006-5897 | 1 Phpheaven | 1 Phpmychat Plus | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6) lib/connected_users.lib.php, (7) lib/index.lib.php, and (8) phpMyChat.php3; and the (9) L parameter to logs.php. NOTE: CVE analysis suggests that vector 1 might be incorrect. | |||||
| CVE-2008-5209 | 1 Admidio | 1 Admidio | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-6214 | 1 Learnloop | 1 Learnloop | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database. | |||||