Search Results (9560 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1498 1 Idb 1 Idb 2026-04-23 N/A
Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards (iDB) 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter in a settings action to profile.php.
CVE-2008-5883 1 Mini-pub 1 Mini-pub 2026-04-23 N/A
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
CVE-2008-5604 1 Drennansoft 1 My Simple Forum 2026-04-23 N/A
Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
CVE-2009-1161 1 Cisco 10 Ciscoworks Common Services, Ciscoworks Health And Utilization Monitor, Ciscoworks Lan Management Solution and 7 more 2026-04-23 N/A
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
CVE-2008-5748 1 Bloofox 1 Bloofoxcms 2026-04-23 8.1 High
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
CVE-2009-3425 1 Databay 1 Maxcms 2026-04-23 N/A
Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter.
CVE-2008-6183 1 Myphpindexer 1 My Php Indexer 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters.
CVE-2009-0841 2 Osgeo, Umn 2 Mapserver, Mapserver 2026-04-23 N/A
Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.
CVE-2008-1415 1 Riceball 1 Multiple Time Sheets 2026-04-23 N/A
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
CVE-2009-2600 1 Akiva 1 Webboard 2026-04-23 N/A
Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
CVE-2007-6212 1 Google 1 Kml 2026-04-23 N/A
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
CVE-2008-1119 1 Centreon 1 Centreon 2026-04-23 N/A
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
CVE-2009-1737 1 Diqiye 1 Mypic 2026-04-23 N/A
Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter.
CVE-2008-4437 1 Mozilla 1 Bugzilla 2026-04-23 N/A
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
CVE-2008-5728 1 Netcat 1 Netcat 2026-04-23 N/A
Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/.
CVE-2008-5894 1 Mediatheka 1 Mediatheka 2026-04-23 N/A
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-2702 1 Estsoft 1 Alftp 2026-04-23 N/A
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2008-4522 1 Jesse-web 1 Jmweb Mp3 Music Audio Search And Download Script 2026-04-23 N/A
Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.
CVE-2008-5587 1 Phppgadmin 1 Phppgadmin 2026-04-23 N/A
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
CVE-2009-0423 1 Kevin Walker 1 Php Photo Album 2026-04-23 N/A
Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter.