Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1751 | 1 Ksemail | 1 Ksemail | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters. | |||||
| CVE-2008-1755 | 1 Zekewalker | 1 World Of Phaos | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | |||||
| CVE-2008-1798 | 1 Dragoon | 1 Dragoon | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter. | |||||
| CVE-2008-1799 | 1 Sabros.us | 1 Sabros.us | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. | |||||
| CVE-2008-1849 | 3 Joomla, Joomlacode, Mambo | 3 Joomla, Joomlaexplorer, Mambo | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action. | |||||
| CVE-2008-1856 | 1 Linpha | 1 Linpha | 2017-09-29 | 5.1 MEDIUM | N/A |
| plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration. | |||||
| CVE-2008-1857 | 1 Mole | 1 Make Our Life Easy | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters. | |||||
| CVE-2008-1861 | 1 Exbb | 1 Exbb Italia | 2017-09-29 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter. | |||||
| CVE-2008-1908 | 1 Cpcommerce | 1 Cpcommerce | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action parameter to category.php. | |||||
| CVE-2008-1885 | 1 Cdnetworks | 1 Download Client | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-1962 | 1 Chimaera | 1 Aterr | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) class parameter to include/functions.inc.php and the (2) file parameter to include/common.inc.php. | |||||
| CVE-2008-2015 | 1 Watchfire | 1 Appscan | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2007-4895 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter. | |||||
| CVE-2007-4902 | 1 Ultra Shareware | 1 Ultra Crypto Component | 2017-09-29 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method. | |||||
| CVE-2007-6322 | 1 Xml2owl | 1 Xml2owl | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-6323 | 1 Mms Gallery | 1 Mms Gallery Php | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/. | |||||
| CVE-2007-4908 | 1 Auracms | 1 Auracms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter. | |||||
| CVE-2007-4957 | 1 Chupix | 1 Chupix Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in download.php in Chupix CMS 0.2.3 allow remote attackers to read or overwrite arbitrary files via a .. (dot dot) in the (1) fichier or (2) repertoire parameter, or create arbitrary directories via a .. (dot dot) in the (3) repertoire parameter. | |||||
| CVE-2007-4982 | 1 Mw6 Technologies | 1 Qrcode Activex | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4983 | 1 Cowon America | 1 Jetaudio | 2017-09-29 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call. | |||||
| CVE-2007-4058 | 1 Emc | 1 Vmware | 2017-09-29 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method. | |||||
| CVE-2007-5017 | 1 Yahoo | 1 Messenger | 2017-09-29 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. | |||||
| CVE-2007-5055 | 1 Izicontents | 1 Izicontents | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php. | |||||
| CVE-2007-5103 | 1 Wordsmith | 1 Wordsmith | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter. | |||||
| CVE-2007-5110 | 1 Eb Design Pty Ltd | 1 Ebcrypt | 2017-09-29 | 7.5 HIGH | N/A |
| Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5219 | 1 Cyberlink | 1 Powerdvd | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the CreateNewFile method. | |||||
| CVE-2007-5299 | 1 Skadate | 1 Skadate Online Dating Software | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/. | |||||
| CVE-2007-6344 | 1 Mcms | 1 Easy Web Make | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. | |||||
| CVE-2007-4641 | 1 Pakupaku | 1 Pakupaku Cms | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file. | |||||
| CVE-2007-4585 | 1 2532gigs | 1 2532gigs | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2007-5446 | 1 Perfection Bytes | 1 Pbemail | 2017-09-29 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method. | |||||
| CVE-2007-6552 | 1 Auracms | 1 Auracms | 2017-09-29 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. | |||||
| CVE-2007-3936 | 1 A-shop | 1 A-shop | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter. | |||||
| CVE-2007-4726 | 1 Weboddity | 1 Weboddity | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2007-4008 | 1 Entertainment Cms | 1 Entertainment Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter. | |||||
| CVE-2007-6233 | 1 Ftp Admin | 1 Ftp Admin | 2017-09-29 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2007-6554 | 1 George Lewe | 1 Teamcal Pro | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php. | |||||
| CVE-2007-6290 | 1 Iptel | 1 Serweb | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters. | |||||
| CVE-2007-4805 | 1 Fuzzylime | 1 Fuzzylime | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the p parameter. | |||||
| CVE-2007-4820 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2017-09-29 | 7.5 HIGH | N/A |
| Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter. | |||||
| CVE-2007-4890 | 1 Microsoft | 1 Visual Studio | 2017-09-29 | 5.8 MEDIUM | N/A |
| Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method. | |||||
| CVE-2007-4031 | 1 Nessus | 1 Vulnerability Scanner | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. | |||||
| CVE-2007-5465 | 1 Mydoop | 1 Doop Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component. | |||||
| CVE-2007-5489 | 1 Artmedic Webdesign | 1 Artmedic Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-5620 | 1 Zehnet | 1 Zz Flashchat | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-5642 | 1 Phppm | 1 Php Project Management | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) groupadm, (11) history, (12) info, (13) log, (14) mail, (15) messages, (16) organizations, (17) phones, (18) presence, (19) projects, (20) reports, (21) search, (22) snf, (23) syslog, (24) tasks, or (25) useradm subdirectory of modules/. | |||||
| CVE-2007-5674 | 1 Instaguide | 1 Weather | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter. | |||||
| CVE-2007-5731 | 1 Apache | 1 Jakarta Slide | 2017-09-29 | 3.5 LOW | N/A |
| Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461. | |||||
| CVE-2007-5812 | 1 Modulebuilder | 1 Modulebuilder | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-5782 | 1 Fireconfig | 1 Fireconfig | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||