Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1138 | 1 Cromosoft | 1 Simple Plantilla Php | 2018-10-16 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter. | |||||
| CVE-2007-0893 | 1 Matthieu Aubry | 1 Phpmyvisites | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. | |||||
| CVE-2007-0700 | 1 Portail Web Php | 1 Portail Web Php | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1. | |||||
| CVE-2007-0205 | 1 Alexphpteam | 1 Alex Guestbook | 2018-10-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php. | |||||
| CVE-2008-0981 | 1 Spyce | 1 Spyce | 2018-10-15 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2008-1000 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-15 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | |||||
| CVE-2008-0946 | 1 Ipswitch | 2 Imserver, Instant Messaging | 2018-10-15 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. | |||||
| CVE-2008-0923 | 1 Vmware | 5 Ace, Player, Vmware Player and 2 more | 2018-10-15 | 6.9 MEDIUM | N/A |
| Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. | |||||
| CVE-2008-0840 | 1 Publicwarehouse | 1 Lightblog | 2018-10-15 | 4.4 MEDIUM | N/A |
| Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter. | |||||
| CVE-2008-0822 | 1 Scribe | 1 Scribe | 2018-10-15 | 3.6 LOW | N/A |
| Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-0819 | 1 Plutostatus | 1 Plutostatus Locator | 2018-10-15 | 3.6 LOW | N/A |
| Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-0812 | 1 Banpro | 1 Net Banpro Dms | 2018-10-15 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter. | |||||
| CVE-2008-0798 | 1 Artmedic Webdesign | 1 Artmedic Weblog | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to artmedic_print.php. | |||||
| CVE-2008-0790 | 1 Intermate | 1 Winipds | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2008-0760 | 1 Safenet | 2 Sentinel Keys Server, Sentinel Protection Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483. | |||||
| CVE-2008-0758 | 1 Group Logic | 2 Extremez-ip File Server, Extremez-ip Print Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename. | |||||
| CVE-2008-0742 | 1 Powerscripts | 1 Powernews | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators. | |||||
| CVE-2008-0703 | 1 Sflog | 1 Sflog | 2018-10-15 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php. | |||||
| CVE-2008-0654 | 1 Azucar Cms | 1 Azucar Cms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _VIEW (view) parameter to (1) index.php, (2) html/sitio/index.php, or (3) src/sistema/vistas/template/tpl_inicio.php. | |||||
| CVE-2008-0612 | 1 Xoops | 1 Xoops | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2008-0609 | 1 Divideconcept | 1 Vhd Web Pack | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-0559 | 1 Nilsons Blogger | 1 Nilsons Blogger | 2018-10-15 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php. | |||||
| CVE-2008-0427 | 1 Bloo | 1 Bloofoxcms | 2018-10-15 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-0513 | 1 Phpcms | 1 Phpcms | 2018-10-15 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840. | |||||
| CVE-2008-0489 | 1 Clansphere | 1 Clansphere | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2008-0488 | 1 Vb Marketing | 1 Vb Marketing | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter. | |||||
| CVE-2008-0481 | 1 Web Wiz | 1 Rich Text Editor | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action. | |||||
| CVE-2008-0480 | 1 Web Wiz | 1 Web Wiz Forums | 2018-10-15 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp. | |||||
| CVE-2008-0479 | 1 Web Wiz | 1 Newspad | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter. | |||||
| CVE-2008-0418 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-15 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. | |||||
| CVE-2008-0405 | 1 Hfs | 1 Http File Server | 2018-10-15 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. | |||||
| CVE-2008-0396 | 1 Bitdefender | 1 Update Server | 2018-10-15 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. | |||||
| CVE-2008-0361 | 1 Instituto Politicnico Nacional | 1 Gradman | 2018-10-15 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter. | |||||
| CVE-2008-0332 | 1 Aria | 1 Aria | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2008-0252 | 1 Cherrypy | 1 Cherrypy | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie. | |||||
| CVE-2008-0231 | 1 Tuned Studios | 7 Classic Theme, Endless, Freeze Theme and 4 more | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments. | |||||
| CVE-2008-0184 | 1 Prenotazioni On Line | 1 Syshotel On Line System | 2018-10-15 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. | |||||
| CVE-2008-0156 | 1 Million Dollar Script | 1 Million Dollar Script | 2018-10-15 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter. | |||||
| CVE-2008-0196 | 1 Wordpress | 1 Wordpress | 2018-10-15 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. | |||||
| CVE-2008-0194 | 1 Wordpress | 1 Wordpress | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. | |||||
| CVE-2008-0094 | 1 Modxcms | 1 Modxcms | 2018-10-15 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php. | |||||
| CVE-2008-0068 | 1 Hp | 1 Openview Network Node Manager | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter. | |||||
| CVE-2007-6662 | 1 Cutephp | 1 Cutenews | 2018-10-15 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php. | |||||
| CVE-2007-6651 | 1 Bitweaver | 1 Bitweaver | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter. | |||||
| CVE-2007-6567 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2018-10-15 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action. | |||||
| CVE-2007-6528 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter. | |||||
| CVE-2007-6508 | 1 Xecms | 1 Xecms | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter. | |||||
| CVE-2007-6483 | 1 Safenet | 2 Sentinel Keys Server, Sentinel Protection Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. | |||||
| CVE-2007-6453 | 1 Raiden Professional Servers | 1 Raidenhttpd | 2018-10-15 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter. | |||||
| CVE-2007-6471 | 1 Phpay | 1 Phpay | 2018-10-15 | 5.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter. | |||||