Search Results (9563 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5965 1 Lokicms 1 Lokicms 2026-04-23 N/A
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter.
CVE-2009-3515 1 Marcin Manek 1 D.net Cms 2026-04-23 N/A
Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
CVE-2008-3593 1 Syzygycms 1 Syzygycms 2026-04-23 N/A
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-6502 1 Prochatrooms 1 Pro Chat Rooms 2026-04-23 N/A
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to (1) an individual user or (2) a room, leading to cross-site request forgery (CSRF), cross-site scripting (XSS), or other impacts.
CVE-2008-1415 1 Riceball 1 Multiple Time Sheets 2026-04-23 N/A
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
CVE-2008-1653 1 Savas Place 1 Savas Link Manager 2026-04-23 N/A
Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4454 1 Mysql Quick Admin 1 Mysql Quick Admin 2026-04-23 N/A
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1352 1 Hangzhou Network Technology Development 1 Ediorcms 2026-04-23 N/A
Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the _SearchTemplate parameter during a Title search.
CVE-2008-5265 1 Tntforum 1 Tnt Forum 2026-04-23 N/A
Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter.
CVE-2009-3216 1 Wiccle 1 Iwiccle 2026-04-23 N/A
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php.
CVE-2008-0361 1 Instituto Politicnico Nacional 1 Gradman 2026-04-23 N/A
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.
CVE-2009-1649 1 Bicluc 1 Belive 2026-04-23 N/A
Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter.
CVE-2008-3446 1 Letterit 1 Letterit 2026-04-23 N/A
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2009-2397 1 Audioarticledirectory 1 Audio Article Directory 2026-04-23 N/A
Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
CVE-2008-4281 1 Vmware 2 Esx, Esxi 2026-04-23 N/A
Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.
CVE-2008-0513 1 Phpcms 1 Phpcms 2026-04-23 N/A
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
CVE-2008-0703 1 Sflog 1 Sflog 2026-04-23 N/A
Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.
CVE-2009-2968 1 Vmware 1 Studio 2026-04-23 N/A
Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors.
CVE-2008-6505 1 Apache 1 Struts 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
CVE-2008-5594 1 Bpowerhouse 1 Mini Blog 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.