Search Results (9666 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5883 1 Mini-pub 1 Mini-pub 2026-04-23 N/A
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
CVE-2010-0348 1 C-3.co.jp 1 Webcalenderc3 2026-04-23 N/A
Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors.
CVE-2007-1138 1 Cromosoft 1 Simple Plantilla Php 2026-04-23 N/A
Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.
CVE-2008-4769 1 Wordpress 1 Wordpress 2026-04-23 N/A
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-0464 1 Absofort 1 Aconon Mail Enterprise Sql 2026-04-23 N/A
Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2009-2449 1 Adbnewssender 1 Adbnewssender 2026-04-23 N/A
Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter.
CVE-2008-7142 1 Cpanel 1 Cpanel 2026-04-23 N/A
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
CVE-2008-4437 1 Mozilla 1 Bugzilla 2026-04-23 N/A
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
CVE-2008-6316 1 Phpmygallery 1 Phpmygallery 2026-04-23 N/A
Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-2008-6318.
CVE-2008-2982 1 Homeph Design 1 Homeph Design 2026-04-23 N/A
Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a) admin/templates/template_thumbnail.php, and the (2) language parameter to (b) account/account.php, (c) downloads/downloads.php, (d) forum/forum.php, (e) fotogalerie/delete.php, and (f) fotogalerie/fotogalerie.php in admin/features/.
CVE-2007-4559 2 Python, Redhat 4 Python, Enterprise Linux, Rhel Eus and 1 more 2026-04-23 9.8 Critical
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
CVE-2009-4426 1 Launchpad 1 Ignition 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.
CVE-2009-4626 1 Phpnagios 1 Phpnagios 2026-04-23 N/A
Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter.
CVE-2007-4420 1 Edraw 1 Office Viewer Component 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
CVE-2008-4739 1 Plugspace 1 Plugspace 2026-04-23 N/A
Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter.
CVE-2008-6126 1 Mozilo 1 Mozilocms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.
CVE-2008-6290 1 Niclor 1 Include Sito 2026-04-23 N/A
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter.
CVE-2009-2338 1 Freewebshop 1 Freewebshop 2026-04-23 N/A
Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter.
CVE-2008-6172 2 Joomla, Weberr 2 Joomla, Rwcards 2026-04-23 N/A
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
CVE-2008-4759 1 Buzzscripts 1 Buzzywall 2026-04-23 N/A
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.