Search Results (9565 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0259 1 Minimal Design 1 Minimal Gallery 2026-04-23 N/A
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.
CVE-2008-6253 1 Pluck-cms 1 Pluck 2026-04-23 N/A
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.
CVE-2009-3149 1 Curveriderhq 1 Elgg 2026-04-23 N/A
Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2787 2 Punbb, Reputation 2 Punbb, Reputation 2026-04-23 N/A
Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
CVE-2008-3087 1 Kasseler-cms 1 Kasseler Cms 2026-04-23 N/A
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
CVE-2007-6086 1 Vigilecms 1 Vigilecms 2026-04-23 N/A
Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter.
CVE-2009-0645 1 Jaws 1 Jaws 2026-04-23 N/A
Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445.
CVE-2008-0481 1 Web Wiz 1 Rich Text Editor 2026-04-23 N/A
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
CVE-2008-0361 1 Instituto Politicnico Nacional 1 Gradman 2026-04-23 N/A
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.
CVE-2008-6825 1 Trixbox 1 Trixbox 2026-04-23 N/A
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
CVE-2008-3190 1 1scripts 1 Codedb 2026-04-23 N/A
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-1651 1 Myiosoft 1 Easynews 2026-04-23 N/A
Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-5771 1 Phpweather 1 Phpweather 2026-04-23 N/A
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
CVE-2008-0782 1 Moinmoin 1 Moinmoin 2026-04-23 N/A
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
CVE-2007-5092 1 Multimedia 1 Dance Music Module For Phpnuke 2026-04-23 N/A
Directory traversal vulnerability in index.php in the Dance Music module for phpNuke, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an ACCEPT_FILE array parameter to modules.php.
CVE-2009-2037 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php.
CVE-2007-6528 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
CVE-2008-1493 1 Cuteflow-bin 1 Cuteflow Bin 2026-04-23 N/A
Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2007-5069 1 Massimo Chioni 1 Mobile Entertainment Module 2026-04-23 N/A
Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter.
CVE-2008-1751 1 Ksemail 1 Ksemail 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters.