Total
7987 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable). | ||||
| CVE-2008-0405 | 1 Hfs | 1 Http File Server | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. | ||||
| CVE-2009-1161 | 1 Cisco | 10 Ciscoworks Common Services, Ciscoworks Health And Utilization Monitor, Ciscoworks Lan Management Solution and 7 more | 2025-04-09 | N/A |
| Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors. | ||||
| CVE-2008-0418 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. | ||||
| CVE-2008-0458 | 1 Slaed | 1 Slaed Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php. | ||||
| CVE-2008-0488 | 1 Vb Marketing | 1 Vb Marketing | 2025-04-09 | N/A |
| Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter. | ||||
| CVE-2008-0513 | 1 Phpcms | 1 Phpcms | 2025-04-09 | N/A |
| Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840. | ||||
| CVE-2008-0559 | 1 Nilsons Blogger | 1 Nilsons Blogger | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php. | ||||
| CVE-2008-4780 | 1 Easy-script | 1 Myforum | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. | ||||
| CVE-2008-0602 | 1 All Club Cms | 1 All Club Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter. | ||||
| CVE-2009-4116 | 1 Cutephp | 1 Cutenews | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files. | ||||
| CVE-2008-0742 | 1 Powerscripts | 1 Powernews | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators. | ||||
| CVE-2009-4421 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-09 | N/A |
| Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter. | ||||
| CVE-2008-0745 | 1 Domphp | 1 Domphp | 2025-04-09 | N/A |
| Directory traversal vulnerability in aides/index.php in DomPHP 0.82 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | ||||
| CVE-2008-5658 | 1 Php | 1 Php | 2025-04-09 | N/A |
| Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. | ||||
| CVE-2008-0758 | 1 Group Logic | 2 Extremez-ip File Server, Extremez-ip Print Server | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename. | ||||
| CVE-2008-0760 | 1 Safenet | 2 Sentinel Keys Server, Sentinel Protection Server | 2025-04-09 | N/A |
| Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483. | ||||
| CVE-2008-0812 | 1 Banpro | 1 Net Banpro Dms | 2025-04-09 | N/A |
| Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter. | ||||
| CVE-2008-0813 | 1 Xpweb | 1 Xpweb | 2025-04-09 | N/A |
| Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. | ||||
| CVE-2008-0905 | 1 Meo | 1 Globsy | 2025-04-09 | N/A |
| Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||