Total
8590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0291 | 1 Openx | 1 Openx | 2025-04-09 | N/A |
| Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter. | ||||
| CVE-2009-0880 | 2 Ibm, Microsoft | 2 Director, Windows | 2025-04-09 | N/A |
| Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. | ||||
| CVE-2008-2898 | 1 Hedgehog-cms | 1 Hedgehog-cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | ||||
| CVE-2007-5174 | 1 Actsite | 1 Actsite | 2025-04-09 | N/A |
| Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter. | ||||
| CVE-2008-5748 | 1 Bloofox | 1 Bloofoxcms | 2025-04-09 | 8.1 High |
| Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | ||||
| CVE-2009-0886 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2025-04-09 | N/A |
| Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter. | ||||
| CVE-2008-3939 | 1 Avtech | 1 Pager Enterprise | 2025-04-09 | 7.5 High |
| Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | ||||
| CVE-2008-2459 | 1 Entertainmentscript | 1 Entertainmentscript | 2025-04-09 | N/A |
| Directory traversal vulnerability in page.php in EntertainmentScript 1.4.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | ||||
| CVE-2007-5306 | 1 Yannick Tanguy | 1 Else If Cms | 2025-04-09 | N/A |
| ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php. | ||||
| CVE-2009-0932 | 1 Debian | 2 Horde, Horde Groupware | 2025-04-09 | N/A |
| Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. | ||||
| CVE-2008-1281 | 1 Argontechnology | 1 Client Management Services | 2025-04-09 | N/A |
| Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2007-4726 | 1 Weboddity | 1 Weboddity | 2025-04-09 | N/A |
| Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||||
| CVE-2007-5366 | 1 Fujitsu | 3 Interstage Application Server, Interstage Apworks, Interstage Studio | 2025-04-09 | N/A |
| The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. | ||||
| CVE-2009-4315 | 1 Nuggetz | 1 Nuggetz Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code. | ||||
| CVE-2007-4718 | 1 Claroline | 1 Claroline | 2025-04-09 | N/A |
| Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | ||||
| CVE-2009-3249 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files. | ||||
| CVE-2008-0814 | 1 Truc | 1 Truc | 2025-04-09 | N/A |
| Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter. | ||||
| CVE-2009-2546 | 1 Anelectron | 1 Advanced Electron Forum | 2025-04-09 | N/A |
| Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2263 | 1 Awesomephp | 1 Mega File Manager | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | ||||
| CVE-2009-1936 | 1 Cpcommerce Project | 1 Cpcommerce | 2025-04-09 | 9.8 Critical |
| _functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500. | ||||