Total
7648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3926 | 1 Hans Oesterholt | 1 Cmme | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php. | ||||
| CVE-2007-6212 | 1 Google | 1 Kml | 2025-04-09 | N/A |
| Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter. | ||||
| CVE-2008-6933 | 1 Minigal | 1 Minigal | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. (dot dot) in the list parameter. | ||||
| CVE-2007-4062 | 1 Nessus | 1 Vulnerability Scanner | 2025-04-09 | N/A |
| The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability. | ||||
| CVE-2007-5017 | 1 Yahoo | 1 Messenger | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. | ||||
| CVE-2008-2665 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run. | ||||
| CVE-2007-5092 | 1 Multimedia | 1 Dance Music Module For Phpnuke | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in the Dance Music module for phpNuke, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an ACCEPT_FILE array parameter to modules.php. | ||||
| CVE-2008-2672 | 1 Erfurtwiki | 1 Erfurtwiki | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) ewiki_id and (2) ewiki_action parameters to fragments/css.php, and possibly the (3) id parameter to the default URI. NOTE: the default URI is site-specific but often performs an include_once of ewiki.php. | ||||
| CVE-2008-5598 | 1 Phpmygallery | 1 Phpmygallery | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter. | ||||
| CVE-2008-5594 | 1 Bpowerhouse | 1 Mini Blog | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters. | ||||
| CVE-2008-6083 | 1 Txtshop | 1 Txtshop | 2025-04-09 | N/A |
| Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | ||||
| CVE-2008-5593 | 1 Bpowerhouse | 1 Mini Cms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters. | ||||
| CVE-2008-2699 | 1 Gwm | 1 Galatolo Webmanager | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php. | ||||
| CVE-2007-5321 | 1 Verlihub-project | 1 Verlihub Control Panel | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | ||||
| CVE-2008-6901 | 1 2532gigs | 1 2532gigs | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585. | ||||
| CVE-2007-5920 | 1 Picoflat Cms | 1 Picoflat Cms | 2025-04-09 | N/A |
| index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6079 | 1 Bcoos | 1 Bcoos | 2025-04-09 | N/A |
| Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file. | ||||
| CVE-2009-2449 | 1 Adbnewssender | 1 Adbnewssender | 2025-04-09 | N/A |
| Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter. | ||||
| CVE-2007-5174 | 1 Actsite | 1 Actsite | 2025-04-09 | N/A |
| Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter. | ||||
| CVE-2007-6378 | 1 Badblue | 1 Badblue | 2025-04-09 | N/A |
| Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. | ||||