Total
8105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1140 | 1 Barekoncept | 1 Pheap | 2025-04-09 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2008-2227 | 1 Php-fusion | 1 Forum Rank System | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6833 | 1 Fuzzylime | 1 Fuzzylime \(cms\) | 2025-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter. | |||||
| CVE-2008-1933 | 1 Microsoft | 1 Zune Software | 2025-04-09 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run. | |||||
| CVE-2007-6268 | 1 Xigla | 1 Absolute News Manager.net | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2007-5017 | 1 Yahoo | 1 Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. | |||||
| CVE-2009-3694 | 1 Jdtmmsm | 1 Ezrecipe-zee | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter. | |||||
| CVE-2008-6139 | 1 Webbiscuits | 1 Modules Controller | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter. | |||||
| CVE-2008-3568 | 1 Unak | 1 Unak-cms | 2025-04-09 | 7.5 HIGH | N/A |
| Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1. | |||||
| CVE-2008-0332 | 1 Aria | 1 Aria | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2009-2600 | 1 Akiva | 1 Webboard | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. | |||||
| CVE-2009-4216 | 1 Klinza | 1 Klinza Professional Cms | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter. | |||||
| CVE-2008-3851 | 2 Microsoft, Pluck | 2 Windows, Pluck | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194. | |||||
| CVE-2007-1144 | 1 Comscripts | 1 J-web Pics Navigator | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2008-4155 | 1 Easybrik | 1 Easysite | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php. | |||||
| CVE-2008-6410 | 1 Brian Wilson | 1 Ol\'bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | |||||
| CVE-2009-2161 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name. | |||||
| CVE-2007-5299 | 1 Skadate | 1 Skadate Online Dating Software | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/. | |||||
| CVE-2008-1606 | 1 Elastic Path | 1 Elastic Path | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp. | |||||
| CVE-2008-0946 | 1 Ipswitch | 2 Imserver, Instant Messaging | 2025-04-09 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. | |||||