Search
Total
1863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0310 | 1 Sco | 1 Unixware | 2017-09-29 | 6.9 MEDIUM | N/A |
| Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST. | |||||
| CVE-2008-0338 | 1 Miniweb Http Server | 1 Miniweb Http Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. | |||||
| CVE-2008-0259 | 1 Minimal Design | 1 Minimal Gallery | 2017-09-29 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters. | |||||
| CVE-2008-0221 | 1 Gateway | 1 Weblaunch | 2017-09-29 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0158 | 1 Shop-script | 1 Shop-script | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter. | |||||
| CVE-2008-0140 | 1 Uebimiau | 1 Webmail | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. | |||||
| CVE-2008-0091 | 1 Agency4net | 1 Webftp | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-4641 | 1 Pakupaku | 1 Pakupaku Cms | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file. | |||||
| CVE-2007-4585 | 1 2532gigs | 1 2532gigs | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2007-4583 | 1 Acti | 1 Network Video Recorder | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method. | |||||
| CVE-2007-4420 | 1 Edraw | 1 Office Viewer Component | 2017-09-29 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169. | |||||
| CVE-2007-6554 | 1 George Lewe | 1 Teamcal Pro | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php. | |||||
| CVE-2007-6552 | 1 Auracms | 1 Auracms | 2017-09-29 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. | |||||
| CVE-2007-6475 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2017-09-29 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php. | |||||
| CVE-2007-6400 | 1 Poldoc | 1 Poldoc Document Management System | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter. | |||||
| CVE-2007-4058 | 1 Emc | 1 Vmware | 2017-09-29 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method. | |||||
| CVE-2007-4031 | 1 Nessus | 1 Vulnerability Scanner | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. | |||||
| CVE-2007-4008 | 1 Entertainment Cms | 1 Entertainment Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter. | |||||
| CVE-2007-6369 | 1 Wordpress | 1 Pictpress | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or (2) path parameter. | |||||
| CVE-2007-6344 | 1 Mcms | 1 Easy Web Make | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. | |||||
| CVE-2007-6323 | 1 Mms Gallery | 1 Mms Gallery Php | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/. | |||||
| CVE-2007-3936 | 1 A-shop | 1 A-shop | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter. | |||||
| CVE-2007-6322 | 1 Xml2owl | 1 Xml2owl | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-6290 | 1 Iptel | 1 Serweb | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters. | |||||
| CVE-2007-6233 | 1 Ftp Admin | 1 Ftp Admin | 2017-09-29 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2007-6230 | 1 Rayzz | 1 Rayzz Script | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter. | |||||
| CVE-2007-6215 | 1 Web-meetme | 1 Web-meetme | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter. | |||||
| CVE-2007-6214 | 1 Learnloop | 1 Learnloop | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database. | |||||
| CVE-2007-6213 | 1 Webed | 1 Webed | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters. | |||||
| CVE-2007-6212 | 1 Google | 1 Kml | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter. | |||||
| CVE-2007-6188 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php. | |||||
| CVE-2007-6187 | 1 Noah | 1 Noah | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/. | |||||
| CVE-2007-6184 | 1 Project Alumni | 1 Project Alumni | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter. | |||||
| CVE-2007-6079 | 1 Bcoos | 1 Bcoos | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file. | |||||
| CVE-2007-5844 | 1 Guppy | 1 Guppy | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter. | |||||
| CVE-2007-5820 | 1 Ax Developer Cms | 1 Ax Developer Cms | 2017-09-29 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2007-5821 | 1 Dm Guestbook | 1 Dm Guestbook | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or (c) auto/glob_new.php; or (2) the lngdefault parameter to auto/ch_lng.php. | |||||
| CVE-2007-5813 | 1 Ispworker | 1 Ispworker | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ticketid and (2) filename parameters. | |||||
| CVE-2007-5811 | 1 Phpmyconferences | 1 Phpmyconferences | 2017-09-29 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed. | |||||
| CVE-2007-5826 | 1 Edraw | 1 Flowchart Activex | 2017-09-29 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420. | |||||
| CVE-2007-5782 | 1 Fireconfig | 1 Fireconfig | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-5812 | 1 Modulebuilder | 1 Modulebuilder | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-5731 | 1 Apache | 1 Jakarta Slide | 2017-09-29 | 3.5 LOW | N/A |
| Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461. | |||||
| CVE-2007-5674 | 1 Instaguide | 1 Weather | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter. | |||||
| CVE-2007-5620 | 1 Zehnet | 1 Zz Flashchat | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-5642 | 1 Phppm | 1 Php Project Management | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) groupadm, (11) history, (12) info, (13) log, (14) mail, (15) messages, (16) organizations, (17) phones, (18) presence, (19) projects, (20) reports, (21) search, (22) snf, (23) syslog, (24) tasks, or (25) useradm subdirectory of modules/. | |||||
| CVE-2007-5489 | 1 Artmedic Webdesign | 1 Artmedic Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-5465 | 1 Mydoop | 1 Doop Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component. | |||||
| CVE-2007-5446 | 1 Perfection Bytes | 1 Pbemail | 2017-09-29 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method. | |||||
| CVE-2007-5299 | 1 Skadate | 1 Skadate Online Dating Software | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/. | |||||