Total
7600 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2073 | 1 Virtual Design Studios | 1 Vlbook | 2025-04-09 | N/A |
| Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. | ||||
| CVE-2009-3787 | 1 Vivvo | 1 Vivvo | 2025-04-09 | N/A |
| files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence. | ||||
| CVE-2007-6185 | 1 Eurologon | 1 Eurologon Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials. | ||||
| CVE-2008-2355 | 1 Wr-script | 1 Wr-meeting | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event. | ||||
| CVE-2008-2353 | 1 Gnugallery | 1 Gnugallery | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | ||||
| CVE-2008-2350 | 1 Bcoos | 1 Bcoos | 2025-04-09 | N/A |
| Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. | ||||
| CVE-2008-3194 | 1 Pluck | 1 Pluck | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter. | ||||
| CVE-2008-2352 | 1 Smeego | 1 Smeego | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie. | ||||
| CVE-2008-3192 | 1 Sclek | 1 Jsite | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | ||||
| CVE-2007-5299 | 1 Skadate | 1 Skadate Online Dating Software | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/. | ||||
| CVE-2008-4181 | 1 Netenberg | 1 Fantastico De Luxe | 2025-04-09 | N/A |
| Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | ||||
| CVE-2007-4957 | 1 Chupix | 1 Chupix Cms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in download.php in Chupix CMS 0.2.3 allow remote attackers to read or overwrite arbitrary files via a .. (dot dot) in the (1) fichier or (2) repertoire parameter, or create arbitrary directories via a .. (dot dot) in the (3) repertoire parameter. | ||||
| CVE-2008-4361 | 1 Powerportal | 1 Powerportal | 2025-04-09 | N/A |
| Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI. | ||||
| CVE-2009-3425 | 1 Databay | 1 Maxcms | 2025-04-09 | N/A |
| Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter. | ||||
| CVE-2007-5742 | 1 Wesnoth | 1 Wesnoth | 2025-04-09 | N/A |
| Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. | ||||
| CVE-2007-6662 | 1 Cutephp | 1 Cutenews | 2025-04-09 | N/A |
| Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php. | ||||
| CVE-2008-2342 | 1 News Manager | 1 News Manager | 2025-04-09 | N/A |
| Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | ||||
| CVE-2009-1624 | 1 Dew-code | 1 Dew-newphplinks | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter. | ||||
| CVE-2007-6653 | 1 Mihalism | 1 Multi Host | 2025-04-09 | N/A |
| Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2008-2185 | 1 Toocharger | 1 Smartblog | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||