Search Results (9712 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1219 2 Com Janews, Joomla 2 Com Janews, Joomla 2025-04-11 N/A
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2012-0246 1 Ecava 1 Integraxor 2025-04-11 N/A
Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server.
CVE-2012-0998 1 Lepton-cms 1 Lepton 2025-04-11 N/A
Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter.
CVE-2010-0501 1 Apple 1 Mac Os X Server 2025-04-11 N/A
Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames.
CVE-2009-4901 2 Muscle, Redhat 3 Pcsc-lite, Certificate System, Enterprise Linux 2025-04-11 N/A
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
CVE-2009-4946 2 Joomla, Thetricky 2 Joomla\!, Com Messaging 2025-04-11 N/A
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4978 1 Tufat 1 Mybackup 2025-04-11 N/A
Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2009-5067 1 Html2ps Project 1 Html2ps 2025-04-11 N/A
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
CVE-2010-0154 1 Ibm 2 Proventia Network Mail Security System Virtual Appliance, Proventia Network Mail Security System Virtual Appliance Firmware 2025-04-11 N/A
Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability."
CVE-2010-1717 1 If Surfalert Project 1 If Surfalert 2025-04-11 N/A
Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1722 2 Dev.pucit.edu.pk, Joomla 2 Com Market, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-0284 2 Microsoft, Novell 2 Windows, Access Manager 2025-04-11 N/A
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.
CVE-2010-1081 2 Corejoomla, Joomla 2 Com Communitypolls, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4013 2 Canonical, Debian 3 Ubuntu Linux, Debian Linux, Lintian 2025-04-11 9.8 Critical
Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
CVE-2013-2988 1 Ibm 1 Cognos Business Intelligence 2025-04-11 N/A
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2978.
CVE-2009-4723 1 Netpet 1 Netpet Cms 2025-04-11 N/A
Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2009-4725 1 Arabportal 1 Arab Portal 2025-04-11 N/A
Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2009-4726 1 Olivier Michaud Pierre-yves 1 Quickdev4php 2025-04-11 N/A
Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2009-4740 1 Typo3 2 Typo3, Ws Ecard 2025-04-11 N/A
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors.
CVE-2010-1307 2 Joomla, Software.realtyna 2 Joomla\!, Com Joomlaupdater 2025-04-11 N/A
Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.