Search
Total
1863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3865 | 1 Debian | 1 Dpkg-dev | 2017-12-29 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname. | |||||
| CVE-2014-3864 | 1 Debian | 1 Dpkg-dev | 2017-12-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line. | |||||
| CVE-2012-2194 | 1 Ibm | 1 Db2 | 2017-12-22 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors. | |||||
| CVE-2012-2202 | 1 Ibm | 3 Lotus Protector For Mail Security, Proventia Network Mail Security System, Proventia Network Mail Security System Firmware | 2017-12-22 | 3.5 LOW | N/A |
| Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2012-1918 | 1 Atmail | 1 Atmail Open | 2017-12-13 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. (dot dot) in the Attachment[] parameter. | |||||
| CVE-2012-1089 | 1 Apache | 1 Wicket | 2017-12-13 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package. | |||||
| CVE-2012-0403 | 1 Rsa | 1 Envision | 2017-12-06 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. | |||||
| CVE-2012-0987 | 1 Impresscms | 1 Impresscms | 2017-12-01 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter. | |||||
| CVE-2008-2702 | 1 Estsoft | 1 Alftp | 2017-11-22 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2013-0141 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-11-16 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory. | |||||
| CVE-2015-7601 | 1 Pcman\'s Ftp Server Project | 1 Pcman\'s Ftp Server | 2017-11-07 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. | |||||
| CVE-2015-6500 | 1 Owncloud | 1 Owncloud | 2017-11-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. | |||||
| CVE-2008-4455 | 1 Mysql Quick Admin | 1 Mysql Quick Admin | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie. | |||||
| CVE-2008-3031 | 1 Simple Php Agenda | 1 Simple Php Agenda | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-6201 | 1 Kwsphp | 1 Kwsphp | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2895 | 1 Aprox | 1 Aproxengine | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-2887 | 1 Chaozzatwork | 1 Fubarforum | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-5968 | 1 Phpicalendar | 1 Phpicalendar | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292. | |||||
| CVE-2008-4894 | 1 Tribiq | 1 Tribiq Cms | 2017-10-19 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c. | |||||
| CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | |||||
| CVE-2008-1730 | 1 Arwscripts | 1 Gallery Script Lite | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter. | |||||
| CVE-2008-6224 | 1 Samelinux | 1 Way Of The Warrior | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter. | |||||
| CVE-2007-5321 | 1 Verlihub-project | 1 Verlihub Control Panel | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-5174 | 1 Actsite | 1 Actsite | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter. | |||||
| CVE-2009-0865 | 1 Geovision | 1 Livex Activex Control | 2017-10-19 | 8.8 HIGH | N/A |
| Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods. | |||||
| CVE-2008-6012 | 1 Hardkap | 1 Pritlog | 2017-10-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pritlog 0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a viewEntry action. | |||||
| CVE-2006-6242 | 1 S9y | 1 Serendipity | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php. | |||||
| CVE-2008-6253 | 1 Pluck-cms | 1 Pluck | 2017-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter. | |||||
| CVE-2007-1152 | 1 Pyrophobia | 1 Pyrophobia | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1031 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2017-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter. | |||||
| CVE-2006-7117 | 1 Kubix | 1 Kubix | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php. | |||||
| CVE-2006-7112 | 1 Maxdev | 1 Mdpro | 2017-10-11 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it. | |||||
| CVE-2004-0175 | 1 Openbsd | 1 Openssh | 2017-10-11 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. | |||||
| CVE-2004-0273 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2017-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | |||||
| CVE-2009-1653 | 1 Tinybutstrong | 1 Tinybutstrong | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter. | |||||
| CVE-2009-1765 | 1 Pluck-cms | 1 Pluck | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194. | |||||
| CVE-2009-1744 | 1 Pinnaclesys | 1 Pinnacle Studio | 2017-09-29 | 4.3 MEDIUM | N/A |
| InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file. | |||||
| CVE-2009-1624 | 1 Dew-code | 1 Dew-newphplinks | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter. | |||||
| CVE-2009-1625 | 1 Davlin | 1 Thickbox Gallery | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter. | |||||
| CVE-2009-1649 | 1 Bicluc | 1 Belive | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter. | |||||
| CVE-2009-1768 | 1 Ramazeiten | 4 Ramazaitencms0.9.7.5, Ramazaitencms0.9.7.6, Ramazaitencms0.9.7.8 and 1 more | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2009-1770 | 1 Flyspeck | 1 Flyspeck Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2009-2176 | 1 Fuzzylime | 1 Fuzzylime Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php. | |||||
| CVE-2009-2177 | 1 Fuzzylime | 1 Fuzzylime Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value. | |||||
| CVE-2009-2151 | 1 Adaptweb | 1 Adaptweb | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter. | |||||
| CVE-2009-2180 | 1 Pc4arb | 1 Pc4 Uploader | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter. | |||||
| CVE-2009-2183 | 1 Campware.org | 1 Campsite | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter. | |||||
| CVE-2009-2124 | 1 Elvinbts | 1 Elvinbts | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. | |||||
| CVE-2009-2109 | 1 Daan Sprenkels | 1 Fretsweb | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php. | |||||
| CVE-2009-2110 | 1 Jnmsolutions | 1 Db Top Sites | 2017-09-29 | 7.6 HIGH | N/A |
| Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php. | |||||