Search
Total
1863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3096 | 1 Softx | 1 Ftp Client | 2018-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename. | |||||
| CVE-2010-3261 | 1 Rsa | 1 Authentication Agent For Web | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors. | |||||
| CVE-2010-2848 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | |||||
| CVE-2010-2695 | 1 Xlightftpd | 1 Xlight Ftp Server | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands. | |||||
| CVE-2010-2426 | 1 Southrivertech | 1 Titan Ftp Server | 2018-10-10 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command. | |||||
| CVE-2010-2425 | 1 Southrivertech | 1 Titan Ftp Server | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command. | |||||
| CVE-2010-2122 | 2 Joelrowley, Joomla | 2 Com Simpledownload, Joomla\! | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2104 | 1 Orbitdownloader | 1 Orbit Downloader | 2018-10-10 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element. | |||||
| CVE-2010-2006 | 1 Letodms | 1 Letodms | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2010-1462 | 1 Webasyst Llc | 1 Shop-script | 2018-10-10 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter. | |||||
| CVE-2010-1512 | 1 Tatsuhiro Tsujikawa | 1 Aria2 | 2018-10-10 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | |||||
| CVE-2010-1003 | 1 Efrontlearning | 1 Efront | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter. | |||||
| CVE-2010-1000 | 1 Kde | 1 Kde Sc | 2018-10-10 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | |||||
| CVE-2010-0989 | 1 Pulsecms | 1 Pulse Cms | 2018-10-10 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter. | |||||
| CVE-2010-0999 | 1 Freedownloadmanager | 1 Free Download Manager | 2018-10-10 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | |||||
| CVE-2010-0620 | 1 Emc | 1 Homebase Server | 2018-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter. | |||||
| CVE-2010-0403 | 1 Phpgroupware | 1 Phpgroupware | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter. | |||||
| CVE-2010-0154 | 1 Ibm | 2 Proventia Network Mail Security System Virtual Appliance, Proventia Network Mail Security System Virtual Appliance Firmware | 2018-10-10 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability." | |||||
| CVE-2009-4421 | 1 Alexander Palmo | 1 Simple Php Blog | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter. | |||||
| CVE-2009-4886 | 1 Bernhard Frohlich | 1 Phpcom | 2018-10-10 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to module/admin/files/show_file.php and the (2) path parameter to module/admin/files/show_source.php. | |||||
| CVE-2009-5087 | 1 Geovision | 1 Digital Surveillance System | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request. | |||||
| CVE-2009-4116 | 1 Cutephp | 1 Cutenews | 2018-10-10 | 3.5 LOW | N/A |
| Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files. | |||||
| CVE-2009-4261 | 1 Roman Marxer | 1 Ganeti | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." | |||||
| CVE-2009-3787 | 1 Vivvo | 1 Vivvo | 2018-10-10 | 5.0 MEDIUM | N/A |
| files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence. | |||||
| CVE-2009-3733 | 2 Linux, Vmware | 4 Linux, Esx, Esxi and 1 more | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2009-3702 | 1 Php-calendar | 1 Php-calendar | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2009-3583 | 1 Sql-ledger | 1 Sql-ledger | 2018-10-10 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field. | |||||
| CVE-2009-3664 | 1 Nullam | 1 Nullam Blog | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. (dot dot) in the (1) p and (2) s parameters. | |||||
| CVE-2009-3451 | 1 Radactive | 1 I-load | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2009-2931 | 1 Slideshowpro | 1 Director | 2018-10-10 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter. | |||||
| CVE-2009-2968 | 1 Vmware | 1 Studio | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors. | |||||
| CVE-2009-2557 | 1 Adminnewstools | 1 Admin News Tools | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter. | |||||
| CVE-2009-2258 | 1 Netgear | 2 Dg632, Dg632 Firmware | 2018-10-10 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. | |||||
| CVE-2009-2166 | 2 Ocsinventory-ng, Unix | 2 Ocs Inventory Ng, Unix | 2018-10-10 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter. | |||||
| CVE-2009-2161 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name. | |||||
| CVE-2009-2116 | 1 Skybluecanvas | 1 Skybluecanvas | 2018-10-10 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter. | |||||
| CVE-2009-1911 | 2 Claudio Klingler, Tinywebgallery | 2 Quixplorer, Tinywebgallery | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php. | |||||
| CVE-2009-1873 | 1 Adobe | 1 Jrun | 2018-10-10 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter. | |||||
| CVE-2009-1760 | 1 Rasterbar Software | 1 Libtorrent | 2018-10-10 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file. | |||||
| CVE-2009-1743 | 1 Pinnaclesys | 2 Pinnacle Hollywood Effects, Pinnacle Studio | 2018-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file. NOTE: this can be leveraged for code execution by decompressing a file to a Startup folder. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1621 | 1 Opencart | 1 Opencart | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter. | |||||
| CVE-2009-1479 | 1 Boxalino | 1 Boxalino | 2018-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. | |||||
| CVE-2009-1456 | 1 Stephane Rajalu | 1 Malleo | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2009-1354 | 1 Sergey Lyubka | 1 Mongoose | 2018-10-10 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2009-1222 | 1 Webedition | 1 Webedition | 2018-10-10 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter. | |||||
| CVE-2009-1090 | 1 Rapidleech | 1 Rapidleech | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded parameter. | |||||
| CVE-2009-1089 | 1 Rapidleech | 1 Rapidleech | 2018-10-10 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to read arbitrary files via a base64-encoded absolute path in the filename parameter. | |||||
| CVE-2009-0880 | 2 Ibm, Microsoft | 2 Director, Windows | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. | |||||
| CVE-2009-0640 | 1 Swannsecurity | 1 Dvr4-securanet | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by reading the vy_netman.cfg file that contains passwords. | |||||
| CVE-2015-7683 | 1 Font Project | 1 Font | 2018-10-09 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php. | |||||