Total
8105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6662 | 1 Cutephp | 1 Cutenews | 2025-04-09 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php. | |||||
| CVE-2008-3333 | 1 Mantis | 1 Mantis | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php). | |||||
| CVE-2008-1410 | 1 Acronis | 1 Snap Deploy | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service. | |||||
| CVE-2009-4435 | 1 Compmaster.prv.pl | 1 F3site | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php. | |||||
| CVE-2009-2931 | 1 Slideshowpro | 1 Director | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter. | |||||
| CVE-2008-4702 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php. | |||||
| CVE-2008-2350 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. | |||||
| CVE-2008-5878 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2025-04-09 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the (1) boxname parameter to theme/superchrome/box.php and the (2) theme parameter to phpclanwebsite/footer.php. | |||||
| CVE-2007-5366 | 1 Fujitsu | 3 Interstage Application Server, Interstage Apworks, Interstage Studio | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. | |||||
| CVE-2009-3366 | 1 Plohni | 1 An Image Gallery | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter. | |||||
| CVE-2008-6172 | 2 Joomla, Weberr | 2 Joomla, Rwcards | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. | |||||
| CVE-2007-3846 | 2 Subversion, Tortoisesvn | 2 Subversion, Tortoisesvn | 2025-04-09 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository. | |||||
| CVE-2008-2699 | 1 Gwm | 1 Galatolo Webmanager | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php. | |||||
| CVE-2008-2687 | 1 Promanager | 1 Promanager | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/config.php in ProManager 0.73 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2008-5860 | 1 Constructr | 1 Constructr-cms | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter. | |||||
| CVE-2008-7110 | 1 Kyoceramita | 1 Scanner File Utility | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a .. (dot dot) in a request. | |||||
| CVE-2008-0819 | 1 Plutostatus | 1 Plutostatus Locator | 2025-04-09 | 3.6 LOW | N/A |
| Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2009-1912 | 1 Webspell | 1 Webspell | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php. | |||||
| CVE-2008-1343 | 1 Sco | 1 Unixware | 2025-04-09 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors. | |||||
| CVE-2009-4427 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. | |||||