Export limit exceeded: 16295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8644 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6604 | 1 Xcms | 1 Xcms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/. | ||||
| CVE-2007-6612 | 1 Mongrel | 1 Mongrel | 2025-04-09 | N/A |
| Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e"). | ||||
| CVE-2007-6624 | 1 Pnphpbb | 1 Pnphpbb | 2025-04-09 | N/A |
| Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. | ||||
| CVE-2007-6672 | 1 Mortbay Jetty | 1 Jetty | 2025-04-09 | N/A |
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI. | ||||
| CVE-2008-0794 | 1 Affiliate Market | 1 Affiliate Market | 2025-04-09 | N/A |
| Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | ||||
| CVE-2008-0840 | 1 Publicwarehouse | 1 Lightblog | 2025-04-09 | N/A |
| Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter. | ||||
| CVE-2008-5993 | 1 Barcodephp | 1 Barcodegen 1d | 2025-04-09 | N/A |
| Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter. | ||||
| CVE-2008-6002 | 1 Web-cp | 1 Web-cp | 2025-04-09 | N/A |
| Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter. | ||||
| CVE-2009-1031 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-09 | N/A |
| Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request. | ||||
| CVE-2009-4050 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2025-04-09 | N/A |
| Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1409 | 1 Exero | 1 Exero Cms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php. | ||||
| CVE-2008-4769 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5953 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2025-04-09 | N/A |
| Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI. | ||||
| CVE-2008-2820 | 1 Azimyt | 1 Open Azimyt Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2008-2838 | 1 Traindepot | 1 Traindepot | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter. | ||||
| CVE-2008-2993 | 1 Fog | 1 Fog Forum | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) fog_lang and (2) fog_skin parameters, probably related to libs/required/share.inc; and possibly the (3) fog_pseudo, (4) fog_posted, (5) fog_password, and (6) fog_cook parameters. | ||||
| CVE-2008-5965 | 1 Lokicms | 1 Lokicms | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter. | ||||
| CVE-2008-6735 | 1 Thaiquickcart | 1 Thaiquickcart | 2025-04-09 | N/A |
| Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie. | ||||
| CVE-2008-2650 | 1 Cmsimple | 1 Cmsimple | 2025-04-09 | N/A |
| Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. | ||||
| CVE-2009-3733 | 2 Linux, Vmware | 4 Linux Kernel, Esx, Esxi and 1 more | 2025-04-09 | N/A |
| Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. | ||||