Total: 4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3535 | 1 Allisclear | 1 Clear Content | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect. | |||||
| CVE-2009-3151 | 1 Ultrize | 1 Timesheet | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. | |||||
| CVE-2009-2787 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | |||||
| CVE-2009-2784 | 1 Ditcms | 1 Dit.cms | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors. | |||||
| CVE-2009-2792 | 1 Joshua Oliver | 1 Really Simple Cms | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter. | |||||
| CVE-2009-3149 | 1 Curveriderhq | 1 Elgg | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2925 | 1 Djcalendar | 1 Djcalendar | 2017-09-19 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter. | |||||
| CVE-2009-3064 | 1 Rein Velt | 1 Vedit | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _GET[filename] parameter. | |||||
| CVE-2009-2922 | 1 Pixaria | 1 Pixaria Gallery | 2017-09-19 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter. | |||||
| CVE-2009-2923 | 1 Bitmixsoft | 1 Php-lance | 2017-09-19 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php. | |||||
| CVE-2009-3053 | 2 Joomla, Jvitals | 2 Joomla, Com Agora | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. | |||||
| CVE-2009-3167 | 1 Anantasoft | 1 Gazelle Cms | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2009-2611 | 1 Gander | 1 Myfusion | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter. | |||||
| CVE-2009-3181 | 1 Anantasoft | 1 Gazelle Cms | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the customizetemplate parameter in a direct request to admin/settemplate.php. | |||||
| CVE-2009-2600 | 1 Akiva | 1 Webboard | 2017-09-19 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. | |||||
| CVE-2009-3216 | 1 Wiccle | 1 Iwiccle | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php. | |||||
| CVE-2009-2223 | 1 Teozkr | 1 Lightopencms | 2017-09-19 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible. | |||||
| CVE-2009-2224 | 1 An Guestbook | 1 An Guestbook | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter. | |||||
| CVE-2009-2552 | 1 Supersimple | 1 Super Simple Blog Script | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter. | |||||
| CVE-2009-2229 | 1 Kasseler-cms | 1 Kasseler Cms | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2263 | 1 Awesomephp | 1 Mega File Manager | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2009-3219 | 1 The-ghost | 1 Ar Web Content Manager | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter. | |||||
| CVE-2009-3249 | 1 Vtiger | 1 Vtiger Crm | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files. | |||||
| CVE-2009-2220 | 1 Tribiq | 1 Tribiq Cms | 2017-09-19 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894. | |||||
| CVE-2009-2275 | 1 Cpanel | 1 Cpanel | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter. | |||||
| CVE-2009-4202 | 2 Joomla, Omilenitsolutions | 2 Joomla!, Com Omphotogallery | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. | |||||
| CVE-2009-2313 | 1 Jinzora | 1 Jinzora | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. | |||||
| CVE-2009-3318 | 2 Breedveld, Joomla | 2 Com Album, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. | |||||
| CVE-2009-3366 | 1 Plohni | 1 An Image Gallery | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter. | |||||
| CVE-2009-2325 | 1 Clicknet | 1 Clicknet Cms | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter. | |||||
| CVE-2009-2544 | 2 Marcelo Costa, Microsoft | 3 Fileserver, Messenger Plus! Live, Windows Live Messenger | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname. | |||||
| CVE-2009-2333 | 1 Cms.tut.su | 1 Cms Chainuk | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php. | |||||
| CVE-2009-2338 | 1 Freewebshop | 1 Freewebshop | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter. | |||||
| CVE-2009-3425 | 1 Databay | 1 Maxcms | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter. | |||||
| CVE-2009-2398 | 1 Php-sugar | 1 Php-sugar | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter. | |||||
| CVE-2009-3507 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter. | |||||
| CVE-2009-3508 | 1 Fcgphilipp | 1 Mujecms | 2017-09-19 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php. | |||||
| CVE-2009-3825 | 1 Thomas Graber | 1 Gencms | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php. | |||||
| CVE-2009-3824 | 1 Michael J Greenwood | 1 Php Content Manager | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter. | |||||
| CVE-2009-2397 | 1 Audioarticledirectory | 1 Audio Article Directory | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | |||||
| CVE-2009-3515 | 1 Marcin Manek | 1 D.net Cms | 2017-09-19 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter. | |||||
| CVE-2009-3823 | 1 Ac4p | 1 Mobilelib Gold | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter. | |||||
| CVE-2009-2379 | 1 Bigace | 1 Bigace Cms | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. | |||||
| CVE-2009-4205 | 1 Ringsworld | 1 Flashlight Free Edition | 2017-09-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||||
| CVE-2009-3534 | 1 Lionwiki | 1 Lionwiki | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2009-3561 | 1 Xerver | 1 Xerver | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action. | |||||
| CVE-2015-4085 | 1 Etherpad | 1 Etherpad | 2017-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. | |||||
| CVE-2011-3487 | 1 Carel | 1 Plantvisor | 2017-09-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2014-0780 | 1 Indusoft | 1 Web Studio | 2017-09-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. | |||||
| CVE-2017-12943 | 1 D-link | 2 Dir-600 B1, Dir-600 B1 Firmware | 2017-09-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | |||||
