Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5209 | 1 Admidio | 1 Admidio | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-5201 | 1 Otmanager | 1 Otmanager Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-5171 | 1 Phpblaster | 1 Phpblaster Cms | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters. | |||||
| CVE-2008-5062 | 1 Smolinari | 1 Mini Web Calendar | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter. | |||||
| CVE-2008-5204 | 1 Poweraward | 1 Poweraward | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php. | |||||
| CVE-2008-4913 | 1 Lokicms | 1 Lokicms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. | |||||
| CVE-2008-4781 | 1 Easy-script | 1 Myktools | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter. | |||||
| CVE-2008-4780 | 1 Easy-script | 1 Myforum | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. | |||||
| CVE-2008-4773 | 1 Questwork | 1 Questcms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
| CVE-2008-4764 | 2 Extplorer, Joomla | 2 Com Extplorer, Joomla\! | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | |||||
| CVE-2008-4759 | 1 Buzzscripts | 1 Buzzywall | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter. | |||||
| CVE-2008-4758 | 1 Php-daily | 1 Php-daily | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter. | |||||
| CVE-2008-4740 | 1 Tinycms | 1 Tinycms | 2017-09-29 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template] parameter. | |||||
| CVE-2008-4739 | 1 Plugspace | 1 Plugspace | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter. | |||||
| CVE-2008-4718 | 1 X7 Group | 1 X7 Chat | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156. | |||||
| CVE-2008-4712 | 1 Lnblog | 1 Lnblog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the plugin parameter. | |||||
| CVE-2008-4707 | 1 Sylvain Pasquet | 1 Bbzl Php | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a .. (dot dot) in the lien_2 parameter. | |||||
| CVE-2008-4702 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php. | |||||
| CVE-2008-4668 | 1 Joomla | 2 Com Imagebrowser, Joomla | 2017-09-29 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. | |||||
| CVE-2008-4667 | 1 Arabcms | 1 Arabcms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter. | |||||
| CVE-2008-4632 | 1 Kure | 1 Kure | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters. | |||||
| CVE-2008-4626 | 1 Zirkon Box | 1 Yappa-ng | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter. | |||||
| CVE-2008-4602 | 1 Qualityunit | 1 Post Affiliate Pro | 2017-09-29 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter. | |||||
| CVE-2008-4592 | 1 Sportspanel | 1 Sports Clubs Web Portal | 2017-09-29 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. | |||||
| CVE-2008-4528 | 1 Phlatline | 1 Personal Information Manager | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action. | |||||
| CVE-2008-4526 | 1 Customcms | 1 Ccms | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php. | |||||
| CVE-2008-4519 | 1 Fastpublish | 1 Fastpublish Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php. | |||||
| CVE-2008-4522 | 1 Jesse-web | 1 Jmweb Mp3 Music Audio Search And Download Script | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php. | |||||
| CVE-2008-4490 | 1 Phpabook | 1 Phpabook | 2017-09-29 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie. | |||||
| CVE-2008-4486 | 1 Yerba | 1 Yerba | 2017-09-29 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2008-4483 | 1 Crux Software | 1 Gallery | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
| CVE-2008-4425 | 1 Phlatline | 1 Personal Information Manager | 2017-09-29 | 8.8 HIGH | N/A |
| Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action. | |||||
| CVE-2008-4361 | 1 Powerportal | 1 Powerportal | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI. | |||||
| CVE-2008-4351 | 1 Phpsmartcom | 1 Phpsmartcom | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the p parameter. | |||||
| CVE-2008-4346 | 1 Talkback | 1 Talkback | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371. | |||||
| CVE-2008-4331 | 1 Phpocs | 1 Phpocs | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php. | |||||
| CVE-2008-4330 | 1 Lansuite | 1 Lansuite | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter. | |||||
| CVE-2008-4243 | 1 Epic Games | 1 Unreal Tournament 3 | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2008-4187 | 1 Proactive Cms | 1 Proactive Cms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2008-4181 | 1 Netenberg | 1 Fantastico De Luxe | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-4158 | 1 Zanfi Solutions | 1 Zanfi Cms Lite | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters. | |||||
| CVE-2008-4155 | 1 Easybrik | 1 Easysite | 2017-09-29 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php. | |||||
| CVE-2008-3087 | 1 Kasseler-cms | 1 Kasseler Cms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module. | |||||
| CVE-2008-3589 | 1 Mozilo | 1 Mozilocms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. | |||||
| CVE-2008-2534 | 1 Fkrauthan | 1 Phoenix View Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter. | |||||
| CVE-2008-3926 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php. | |||||
| CVE-2008-2355 | 1 Wr-script | 1 Wr-meeting | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event. | |||||
| CVE-2008-2215 | 1 Pbcs | 1 Project-based Calendaring System | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php. | |||||
| CVE-2008-2217 | 1 Mario Valdez | 1 Content Management System | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter. | |||||
| CVE-2008-3727 | 1 Microworld Technologies | 1 Mailscan | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||