Search
Total
1863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2544 | 2 Marcelo Costa, Microsoft | 3 Fileserver, Messenger Plus\! Live, Windows Live Messenger | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname. | |||||
| CVE-2009-3216 | 1 Wiccle | 1 Iwiccle | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php. | |||||
| CVE-2009-3425 | 1 Databay | 1 Maxcms | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter. | |||||
| CVE-2009-3507 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter. | |||||
| CVE-2009-2398 | 1 Php-sugar | 1 Php-sugar | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter. | |||||
| CVE-2009-4202 | 2 Joomla, Omilenitsolutions | 2 Joomla\!, Com Omphotogallery | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. | |||||
| CVE-2009-2397 | 1 Audioarticledirectory | 1 Audio Article Directory | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | |||||
| CVE-2009-3561 | 1 Xerver | 1 Xerver | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action. | |||||
| CVE-2009-2923 | 1 Bitmixsoft | 1 Php-lance | 2017-09-19 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php. | |||||
| CVE-2009-3151 | 1 Ultrize | 1 Timesheet | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. | |||||
| CVE-2009-3064 | 1 Rein Velt | 1 Vedit | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _GET[filename] parameter. | |||||
| CVE-2009-2379 | 1 Bigace | 1 Bigace Cms | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. | |||||
| CVE-2009-2338 | 1 Freewebshop | 1 Freewebshop | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter. | |||||
| CVE-2009-3535 | 1 Allisclear | 1 Clear Content | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect. | |||||
| CVE-2009-2333 | 1 Cms.tut.su | 1 Cms Chainuk | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php. | |||||
| CVE-2009-3181 | 1 Anantasoft | 1 Gazelle Cms | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the customizetemplate parameter in a direct request to admin/settemplate.php. | |||||
| CVE-2009-2325 | 1 Clicknet | 1 Clicknet Cms | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter. | |||||
| CVE-2009-3167 | 1 Anantasoft | 1 Gazelle Cms | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2009-3534 | 1 Lionwiki | 1 Lionwiki | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2009-2313 | 1 Jinzora | 1 Jinzora | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. | |||||
| CVE-2009-3515 | 1 Marcin Manek | 1 D.net Cms | 2017-09-19 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter. | |||||
| CVE-2009-2275 | 1 Cpanel | 1 Cpanel | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter. | |||||
| CVE-2009-3508 | 1 Fcgphilipp | 1 Mujecms | 2017-09-19 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php. | |||||
| CVE-2009-2263 | 1 Awesomephp | 1 Mega File Manager | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2009-2229 | 1 Kasseler-cms | 1 Kasseler Cms | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2224 | 1 An Guestbook | 1 An Guestbook | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter. | |||||
| CVE-2009-2223 | 1 Teozkr | 1 Lightopencms | 2017-09-19 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible. | |||||
| CVE-2009-2600 | 1 Akiva | 1 Webboard | 2017-09-19 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. | |||||
| CVE-2009-2220 | 1 Tribiq | 1 Tribiq Cms | 2017-09-19 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894. | |||||
| CVE-2009-2611 | 1 Gander | 1 Myfusion | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter. | |||||
| CVE-2009-2784 | 1 Ditcms | 1 Dit.cms | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors. | |||||
| CVE-2009-2787 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | |||||
| CVE-2009-3149 | 1 Curveriderhq | 1 Elgg | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2792 | 1 Joshua Oliver | 1 Really Simple Cms | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter. | |||||
| CVE-2009-2925 | 1 Djcalendar | 1 Djcalendar | 2017-09-19 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter. | |||||
| CVE-2009-2922 | 1 Pixaria | 1 Pixaria Gallery | 2017-09-19 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter. | |||||
| CVE-2014-0780 | 1 Indusoft | 1 Web Studio | 2017-09-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. | |||||
| CVE-2011-3487 | 1 Carel | 1 Plantvisor | 2017-09-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2014-9238 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2017-09-09 | 5.0 MEDIUM | N/A |
| D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | |||||
| CVE-2014-6182 | 1 Ibm | 1 Business Process Manager | 2017-09-08 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2014-100002 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket. | |||||
| CVE-2014-100015 | 1 Solidworks | 1 Product Data Management | 2017-09-08 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. | |||||
| CVE-2014-100029 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2017-09-08 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. | |||||
| CVE-2014-10010 | 1 Phpjabbers | 1 Appointment Scheduler | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. | |||||
| CVE-2014-10037 | 1 Domphp | 1 Domphp | 2017-09-08 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. | |||||
| CVE-2014-5368 | 1 Wp Content Source Control Project | 1 Wp Content Source Control | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. | |||||
| CVE-2014-6394 | 3 Apple, Fedoraproject, Joyent | 3 Xcode, Fedora, Node.js | 2017-09-08 | 7.5 HIGH | N/A |
| visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. | |||||
| CVE-2014-6095 | 1 Ibm | 1 Security Identity Manager | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-6149 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-6154 | 3 Ibm, Linux, Microsoft | 3 Optim Performance Manager, Linux Kernel, Windows | 2017-09-08 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL. | |||||