Search Results (9677 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5821 1 Dm Guestbook 1 Dm Guestbook 2026-04-23 N/A
Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or (c) auto/glob_new.php; or (2) the lngdefault parameter to auto/ch_lng.php.
CVE-2008-2483 1 Xomol 1 Xomol Cms 2026-04-23 N/A
Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the op parameter.
CVE-2008-1125 1 Podcast Generator 1 Podcast Generator 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php.
CVE-2008-0221 1 Gateway 1 Weblaunch 2026-04-23 N/A
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
CVE-2009-3151 1 Ultrize 1 Timesheet 2026-04-23 N/A
Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
CVE-2008-3164 1 Fuzzylime 1 Fuzzylime Cms 2026-04-23 N/A
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
CVE-2008-0259 1 Minimal Design 1 Minimal Gallery 2026-04-23 N/A
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.
CVE-2008-2876 1 Munky 1 Munky 2026-04-23 N/A
Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter.
CVE-2009-1770 1 Flyspeck 1 Flyspeck Cms 2026-04-23 N/A
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-0814 1 Truc 1 Truc 2026-04-23 N/A
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
CVE-2008-2961 1 Cmsmini 1 Cms Mini 2026-04-23 N/A
Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter.
CVE-2008-0158 1 Shop-script 1 Shop-script 2026-04-23 N/A
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.
CVE-2008-0357 1 Galaxyscripts 1 Mini File Host 2026-04-23 N/A
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
CVE-2008-0818 1 Freephpgallery 1 Freephpgallery 2026-04-23 N/A
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
CVE-2007-5306 1 Yannick Tanguy 1 Else If Cms 2026-04-23 N/A
ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.
CVE-2007-5694 1 Sitebar 1 Sitebar 2026-04-23 N/A
Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491.
CVE-2008-6878 1 Zen Cart 1 Zen Cart 2026-04-23 N/A
Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.
CVE-2008-0742 1 Powerscripts 1 Powernews 2026-04-23 N/A
Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
CVE-2008-4483 1 Crux Software 1 Gallery 2026-04-23 N/A
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
CVE-2007-5782 1 Fireconfig 1 Fireconfig 2026-04-23 N/A
Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.