Total
8108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3564 | 1 Dayfox Designs | 1 Dayfox Blog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-7240 | 1 Linuxwebshop | 1 Php User Base | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter. | |||||
| CVE-2007-2836 | 1 Hiki | 1 Hiki | 2025-04-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout. | |||||
| CVE-2009-2007 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php. | |||||
| CVE-2008-2695 | 1 Phpinv | 1 Phpinv | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||||
| CVE-2007-5844 | 1 Guppy | 1 Guppy | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter. | |||||
| CVE-2009-1625 | 1 Davlin | 1 Thickbox Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter. | |||||
| CVE-2007-5320 | 1 Pegasus Imaging | 1 Imagxpress | 2025-04-09 | 4.0 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll). | |||||
| CVE-2008-3031 | 1 Simple Php Agenda | 1 Simple Php Agenda | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2009-1748 | 1 Joost Horward | 1 Catviz | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter. | |||||
| CVE-2008-1652 | 1 Perlbal | 1 Perlbal | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4908 | 1 Auracms | 1 Auracms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter. | |||||
| CVE-2009-1319 | 1 Guestcal | 1 Guest Cal | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php. | |||||
| CVE-2009-3561 | 1 Xerver | 1 Xerver | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action. | |||||
| CVE-2008-6834 | 1 Fuzzylime | 1 Fuzzylime \(cms\) | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164. | |||||
| CVE-2009-2552 | 1 Supersimple | 1 Super Simple Blog Script | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter. | |||||
| CVE-2007-4008 | 1 Entertainment Cms | 1 Entertainment Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter. | |||||
| CVE-2009-2784 | 1 Ditcms | 1 Dit.cms | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors. | |||||
| CVE-2007-5620 | 1 Zehnet | 1 Zz Flashchat | 2025-04-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. | |||||
| CVE-2009-2223 | 1 Teozkr | 1 Lightopencms | 2025-04-09 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible. | |||||