Total
8021 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4962 | 1 Winimage | 1 Winimage | 2025-04-09 | N/A |
| Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||||
| CVE-2010-0157 | 2 Joomla, Joomlabiblestudy | 2 Joomla\!, Com Biblestudy | 2025-04-09 | N/A |
| Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. | ||||
| CVE-2008-1000 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | ||||
| CVE-2007-4902 | 1 Ultra Shareware | 1 Ultra Crypto Component | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method. | ||||
| CVE-2007-5826 | 1 Edraw | 1 Flowchart Activex | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420. | ||||
| CVE-2007-4895 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2025-04-09 | N/A |
| Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter. | ||||
| CVE-2009-4383 | 1 Rocomotion | 1 P Forum | 2025-04-09 | N/A |
| Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors. | ||||
| CVE-2009-4374 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-09 | N/A |
| Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. | ||||
| CVE-2007-4829 | 3 Archive\, Canonical, Redhat | 3 \, Ubuntu Linux, Enterprise Linux | 2025-04-09 | N/A |
| Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences. | ||||
| CVE-2006-5487 | 1 Marshal | 1 Mailmarshal Smtp | 2025-04-09 | N/A |
| Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive. | ||||
| CVE-2009-2925 | 1 Djcalendar | 1 Djcalendar | 2025-04-09 | N/A |
| Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter. | ||||
| CVE-2007-5844 | 1 Guppy | 1 Guppy | 2025-04-09 | N/A |
| Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter. | ||||
| CVE-2008-3939 | 1 Avtech | 1 Pager Enterprise | 2025-04-09 | 7.5 High |
| Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | ||||
| CVE-2008-4397 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2025-04-09 | N/A |
| Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. | ||||
| CVE-2007-0205 | 1 Alexphpteam | 1 Alex Guestbook | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php. | ||||
| CVE-2007-4709 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. | ||||
| CVE-2008-6726 | 1 Cmscout | 1 Cmscout | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415. | ||||
| CVE-2008-1221 | 1 Microworld Technologies | 3 Escan, Escan Management Console, Escan Server | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command. | ||||
| CVE-2007-5802 | 1 Firewolf Technologies | 1 Synergiser | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration. | ||||
| CVE-2007-4655 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi. | ||||