Search Results (9674 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3787 1 Vivvo 1 Vivvo 2026-04-23 N/A
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
CVE-2008-4454 1 Mysql Quick Admin 1 Mysql Quick Admin 2026-04-23 N/A
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0822 1 Scribe 1 Scribe 2026-04-23 N/A
Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-6551 1 E-vision 1 E-vision Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart/addgame.php, (8) tour/adminpart/addtour.php, (9) articles/adminpart/addarticles.php, (10) product/adminpart/addproduct.php, or (11) plain/adminpart/addplain.php in modules/.
CVE-2007-4709 1 Apple 1 Mac Os X 2026-04-23 N/A
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
CVE-2009-4626 1 Phpnagios 1 Phpnagios 2026-04-23 N/A
Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter.
CVE-2008-0184 1 Prenotazioni On Line 1 Syshotel On Line System 2026-04-23 N/A
Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.
CVE-2008-3190 1 1scripts 1 Codedb 2026-04-23 N/A
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2007-5813 1 Ispworker 1 Ispworker 2026-04-23 N/A
Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ticketid and (2) filename parameters.
CVE-2008-0703 1 Sflog 1 Sflog 2026-04-23 N/A
Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.
CVE-2008-5968 1 Phpicalendar 1 Phpicalendar 2026-04-23 N/A
Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.
CVE-2008-0140 1 Uebimiau 1 Webmail 2026-04-23 N/A
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.
CVE-2007-5927 1 Openbase International Ltd 1 Openbase 2026-04-23 8.1 High
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
CVE-2007-3072 1 Mozilla 1 Firefox 2026-04-23 N/A
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.
CVE-2009-0592 1 Pnphpbb 1 Pnphpbb2 2026-04-23 N/A
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.
CVE-2007-5826 1 Edraw 1 Flowchart Activex 2026-04-23 N/A
Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
CVE-2008-5881 1 Playsms 1 Playsms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to plugin/themes/default/init.php.
CVE-2009-4426 1 Launchpad 1 Ignition 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.
CVE-2007-6653 1 Mihalism 1 Multi Host 2026-04-23 N/A
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2009-3693 2 Hp, Persits 2 Loadrunner, Xupload 2026-04-23 N/A
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.