Search
Total
1863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3385 | 1 Linuxwebshop | 1 Php Help Agent | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-3371 | 1 Talkback | 1 Talkback | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
| CVE-2008-3205 | 1 Easy-script | 1 Wysi Wiki Wyg | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Easy-Script Wysi Wiki Wyg 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. | |||||
| CVE-2008-3195 | 1 Twiki | 1 Twiki | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors. | |||||
| CVE-2008-3194 | 1 Pluck | 1 Pluck | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter. | |||||
| CVE-2008-3192 | 1 Sclek | 1 Jsite | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2008-3190 | 1 1scripts | 1 Codedb | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2008-3179 | 1 W2b | 1 Phpdatingclub | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-3164 | 1 Fuzzylime | 1 Fuzzylime Cms | 2017-09-29 | 7.6 HIGH | N/A |
| Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected. | |||||
| CVE-2008-3150 | 1 Neutrino-cms | 1 Atomic Edition | 2017-09-29 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php. | |||||
| CVE-2008-3128 | 1 Pivot | 1 Pivot | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter. | |||||
| CVE-2008-3087 | 1 Kasseler-cms | 1 Kasseler Cms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module. | |||||
| CVE-2008-3165 | 1 Fuzzylime | 1 Fuzzylime Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805. | |||||
| CVE-2008-3036 | 1 Cms Little | 1 Cms Little | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter. | |||||
| CVE-2008-2993 | 1 Fog | 1 Fog Forum | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) fog_lang and (2) fog_skin parameters, probably related to libs/required/share.inc; and possibly the (3) fog_pseudo, (4) fog_posted, (5) fog_password, and (6) fog_cook parameters. | |||||
| CVE-2008-2985 | 1 Cmreams | 1 Cmreams Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter. | |||||
| CVE-2008-2982 | 1 Homeph Design | 1 Homeph Design | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a) admin/templates/template_thumbnail.php, and the (2) language parameter to (b) account/account.php, (c) downloads/downloads.php, (d) forum/forum.php, (e) fotogalerie/delete.php, and (f) fotogalerie/fotogalerie.php in admin/features/. | |||||
| CVE-2008-2978 | 1 Ourvideocms | 1 Ourvideo Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter. | |||||
| CVE-2008-2976 | 1 Tinx Cms | 1 Tinx Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php. | |||||
| CVE-2008-2974 | 1 Mm Chat | 1 Mm Chat | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter. | |||||
| CVE-2008-2966 | 1 Jaxultrabb | 1 Jaxultrabb | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information. | |||||
| CVE-2008-2961 | 1 Cmsmini | 1 Cms Mini | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter. | |||||
| CVE-2008-2896 | 1 Getfireant | 1 Fireant | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-2898 | 1 Hedgehog-cms | 1 Hedgehog-cms | 2017-09-29 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-2876 | 1 Munky | 1 Munky | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter. | |||||
| CVE-2008-2913 | 1 Devalcms | 1 Devalcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currentpath parameter, in conjunction with certain ... (triple dot) and ..... sequences in the currentfile parameter, to index.php. | |||||
| CVE-2008-2838 | 1 Traindepot | 1 Traindepot | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter. | |||||
| CVE-2008-2818 | 1 Easy-clanpage | 1 Easy-clanpage | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the section parameter to the default URI. | |||||
| CVE-2008-2813 | 1 Shoutcastadmin | 1 Wallcity-server Shoutcast Admin Panel | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-2782 | 1 Otomigenx | 1 Otomigenx | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php. | |||||
| CVE-2008-2699 | 1 Gwm | 1 Galatolo Webmanager | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php. | |||||
| CVE-2008-2695 | 1 Phpinv | 1 Phpinv | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||||
| CVE-2008-2687 | 1 Promanager | 1 Promanager | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/config.php in ProManager 0.73 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2008-2650 | 1 Cmsimple | 1 Cmsimple | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. | |||||
| CVE-2008-2534 | 1 Fkrauthan | 1 Phoenix View Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter. | |||||
| CVE-2008-2483 | 1 Xomol | 1 Xomol Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the op parameter. | |||||
| CVE-2008-2459 | 1 Entertainmentscript | 1 Entertainmentscript | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in page.php in EntertainmentScript 1.4.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2008-2355 | 1 Wr-script | 1 Wr-meeting | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event. | |||||
| CVE-2008-2353 | 1 Gnugallery | 1 Gnugallery | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | |||||
| CVE-2008-2342 | 1 News Manager | 1 News Manager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2008-2217 | 1 Mario Valdez | 1 Content Management System | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter. | |||||
| CVE-2008-2215 | 1 Pbcs | 1 Project-based Calendaring System | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php. | |||||
| CVE-2008-2091 | 1 Kubelabs | 1 Kubelance | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter. | |||||
| CVE-2008-2081 | 1 Siteman | 1 Siteman | 2017-09-29 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2008-2076 | 1 Actualscripts | 1 Actualanalyzer Lite | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter. | |||||
| CVE-2007-6653 | 1 Mihalism | 1 Multi Host | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-6648 | 1 Sanybee Gallery | 1 Sanybee Gallery | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. | |||||
| CVE-2007-6624 | 1 Pnphpbb | 1 Pnphpbb | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. | |||||
| CVE-2007-6623 | 1 Zeuscms | 1 Zeuscms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter. | |||||
| CVE-2007-6621 | 1 Joovili | 1 Joovili | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. | |||||