Search Results (9560 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3823 1 Ac4p 1 Mobilelib Gold 2026-04-23 N/A
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.
CVE-2007-6184 1 Project Alumni 1 Project Alumni 2026-04-23 N/A
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.
CVE-2008-0822 1 Scribe 1 Scribe 2026-04-23 N/A
Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-4187 1 Proactive Cms 1 Proactive Cms 2026-04-23 N/A
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2009-3694 1 Jdtmmsm 1 Ezrecipe-zee 2026-04-23 N/A
Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter.
CVE-2008-3293 1 Ezwebalbum 1 Ezwebalbum 2026-04-23 N/A
Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.
CVE-2009-2151 1 Adaptweb 1 Adaptweb 2026-04-23 N/A
Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.
CVE-2008-0742 1 Powerscripts 1 Powernews 2026-04-23 N/A
Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
CVE-2009-0592 1 Pnphpbb 1 Pnphpbb2 2026-04-23 N/A
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.
CVE-2009-3508 1 Fcgphilipp 1 Mujecms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php.
CVE-2009-2100 2 Joomla, Joomlapraise 2 Joomla, Com Projectfork 2026-04-23 N/A
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
CVE-2009-4202 2 Joomla, Omilenitsolutions 2 Joomla\!, Com Omphotogallery 2026-04-23 N/A
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
CVE-2008-4129 1 Gallery 1 Gallery 2026-04-23 N/A
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
CVE-2007-4723 2 Apache, Ragnarok Online Control Panel Project 2 Http Server, Ragnarok Online Control Panel 2026-04-23 N/A
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
CVE-2009-2176 1 Fuzzylime 1 Fuzzylime Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php.
CVE-2008-1696 1 Dazphp 1 Dazphpnews 2026-04-23 N/A
Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter.
CVE-2009-3053 2 Joomla, Jvitals 2 Joomla, Com Agora 2026-04-23 N/A
Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
CVE-2008-4455 1 Mysql Quick Admin 1 Mysql Quick Admin 2026-04-23 N/A
Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie.
CVE-2008-3384 1 Cce-interact 1 Interact 2026-04-23 N/A
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters.
CVE-2008-7110 1 Kyoceramita 1 Scanner File Utility 2026-04-23 N/A
Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a .. (dot dot) in a request.