Total: 4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6404 | 2 Microsoft, Shttp | 2 Windows, Shttp | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. | |||||
| CVE-2007-6397 | 1 Flat Php | 1 Board | 2018-10-15 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action. | |||||
| CVE-2007-6378 | 1 Badblue | 1 Badblue | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2007-6368 | 1 Ezcontents | 1 Ezcontents | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter. | |||||
| CVE-2007-6331 | 1 Hp | 2 Info Center, Quick Launch Button | 2018-10-15 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista. | |||||
| CVE-2007-6317 | 1 Real Time Logic | 2 Barracudadrive Web Server, Barracudadrive Web Server Home Server | 2018-10-15 | 5.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/. | |||||
| CVE-2007-6185 | 1 Eurologon | 1 Eurologon Cms | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials. | |||||
| CVE-2007-6086 | 1 Vigilecms | 1 Vigilecms | 2018-10-15 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter. | |||||
| CVE-2007-5960 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. | |||||
| CVE-2007-5915 | 1 Phphelpdesk | 1 Phphelpdesk | 2018-10-15 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter. | |||||
| CVE-2007-5823 | 1 Scribe | 1 Scribe | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Register action. | |||||
| CVE-2007-5815 | 1 Sonicwall | 2 Ssl Vpn2000/4000, Ssl Vpn 200 | 2018-10-15 | 10.0 HIGH | N/A |
| Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. | |||||
| CVE-2007-5802 | 1 Firewolf Technologies | 1 Synergiser | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration. | |||||
| CVE-2007-5776 | 1 Blue-collar Productions | 1 I-gallery | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence. | |||||
| CVE-2007-5739 | 1 Ghlab | 1 Korean Ghboard | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2007-5732 | 1 Elouai | 1 Force Download | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter. NOTE: this issue only occurs in environments where the system administrator has not followed the vendor recommendations that this product should only be used internally. | |||||
| CVE-2007-5706 | 1 Jeeblestechnology | 1 Jeebles Directory | 2018-10-15 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5694 | 1 Sitebar | 1 Sitebar | 2018-10-15 | 6.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491. | |||||
| CVE-2007-5685 | 1 Serverkit | 1 Shttp | 2018-10-15 | 5.0 MEDIUM | N/A |
| The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree. | |||||
| CVE-2007-5650 | 1 Reloadcms | 1 Reloadcms | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php. | |||||
| CVE-2007-5484 | 1 Wwwisis | 1 Wwwisis | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows local users to read arbitrary files via a .. (dot dot) in the IsisScript parameter to iah. | |||||
| CVE-2007-5463 | 1 Viart | 1 Shop | 2018-10-15 | 5.0 MEDIUM | N/A |
| ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root. | |||||
| CVE-2007-5417 | 1 Boastmachine | 1 Boastmachine | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-5364 | 1 Viart | 1 Shopping Cart | 2018-10-15 | 10.0 HIGH | N/A |
| ** DISPUTED ** Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php. | |||||
| CVE-2007-5311 | 1 Torrenttrader | 1 Torrenttrader | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter. | |||||
| CVE-2007-5306 | 1 Yannick Tanguy | 1 Else If Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php. | |||||
| CVE-2007-5092 | 1 Multimedia | 1 Dance Music Module For Phpnuke | 2018-10-15 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the Dance Music module for phpNuke, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an ACCEPT_FILE array parameter to modules.php. | |||||
| CVE-2007-5069 | 1 Massimo Chioni | 1 Mobile Entertainment Module | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter. | |||||
| CVE-2007-5050 | 1 Neuron News | 1 Neuron News | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Neuron News 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the q parameter. | |||||
| CVE-2007-4976 | 1 Coppermine | 1 Coppermine Photo Gallery | 2018-10-15 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter. | |||||
| CVE-2007-4962 | 1 Winimage | 1 Winimage | 2018-10-15 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2007-4843 | 1 X-diesel | 1 Unreal Commander | 2018-10-15 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2007-4842 | 1 Enriva Development | 1 Magellan Explorer | 2018-10-15 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2007-4825 | 1 Php | 1 Php | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. | |||||
| CVE-2007-4756 | 1 Ghisler | 1 Total Commander | 2018-10-15 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2007-4545 | 1 X-diesel | 1 Unreal Commander | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive. | |||||
| CVE-2007-4457 | 1 Florian Mahieu | 1 Dalai Forum | 2018-10-15 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter. | |||||
| CVE-2007-4134 | 1 Redhat | 1 Fedora | 2018-10-15 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. | |||||
| CVE-2007-3504 | 2 Microsoft, Sun | 4 Windows, Jdk, Jre and 1 more | 2018-10-15 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. | |||||
| CVE-2015-0016 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2018-10-12 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability." | |||||
| CVE-2013-0084 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2018-10-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability." | |||||
| CVE-2004-0847 | 1 Microsoft | 1 Asp.net | 2018-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | |||||
| CVE-2016-4320 | 1 Atlassian | 1 Bitbucket | 2018-10-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | |||||
| CVE-2018-15138 | 1 Ericssonlg | 1 Ipecs Nms | 2018-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | |||||
| CVE-2018-14429 | 1 Man-cgi Project | 1 Man-cgi | 2018-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. | |||||
| CVE-2018-10510 | 2 Microsoft, Trendmicro | 2 Windows, Control Manager | 2018-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. | |||||
| CVE-2009-0497 | 1 Igniterealtime | 1 Openfire | 2018-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter. | |||||
| CVE-2009-0392 | 1 Motorola | 1 Cpei300 | 2018-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2009-0291 | 1 Openx | 1 Openx | 2018-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter. | |||||
| CVE-2009-0288 | 1 Windows Tftp Utility | 1 Tftputil | 2018-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request. | |||||
