Total
8016 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1310 | 1 Packettrap | 1 Pt360 Tool Suite | 2025-04-09 | N/A |
| Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname. | ||||
| CVE-2008-2635 | 1 Barad Dur | 1 Bitkinex | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||||
| CVE-2009-3515 | 1 Marcin Manek | 1 D.net Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter. | ||||
| CVE-2009-0753 | 1 Mldonkey | 1 Mldonkey | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename. | ||||
| CVE-2008-2650 | 1 Cmsimple | 1 Cmsimple | 2025-04-09 | N/A |
| Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. | ||||
| CVE-2008-2666 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. | ||||
| CVE-2007-6185 | 1 Eurologon | 1 Eurologon Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials. | ||||
| CVE-2008-2672 | 1 Erfurtwiki | 1 Erfurtwiki | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) ewiki_id and (2) ewiki_action parameters to fragments/css.php, and possibly the (3) id parameter to the default URI. NOTE: the default URI is site-specific but often performs an include_once of ewiki.php. | ||||
| CVE-2009-0735 | 1 Papoo | 1 Papoo | 2025-04-09 | N/A |
| Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2398 | 1 Php-sugar | 1 Php-sugar | 2025-04-09 | N/A |
| Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter. | ||||
| CVE-2009-3508 | 1 Fcgphilipp | 1 Mujecms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php. | ||||
| CVE-2008-1284 | 1 Horde | 3 Groupware, Groupware Webmail Edition, Horde | 2025-04-09 | N/A |
| Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. | ||||
| CVE-2008-5518 | 2 Apache, Microsoft | 2 Geronimo, Windows | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet. | ||||
| CVE-2006-5149 | 1 Openbiblio | 1 Openbiblio | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php. | ||||
| CVE-2007-5920 | 1 Picoflat Cms | 1 Picoflat Cms | 2025-04-09 | N/A |
| index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0722 | 1 Potato-scripts | 1 Potato News | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter. | ||||
| CVE-2008-0654 | 1 Azucar Cms | 1 Azucar Cms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _VIEW (view) parameter to (1) index.php, (2) html/sitio/index.php, or (3) src/sistema/vistas/template/tpl_inicio.php. | ||||
| CVE-2006-5031 | 1 Cakephp | 1 Cakephp | 2025-04-09 | N/A |
| Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. | ||||
| CVE-2007-5694 | 1 Sitebar | 1 Sitebar | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491. | ||||
| CVE-2007-5685 | 1 Serverkit | 1 Shttp | 2025-04-09 | N/A |
| The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree. | ||||