Search Results (9573 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6335 1 Emetrix 1 Online Keyword Research Tool 2026-04-23 N/A
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2009-4216 1 Klinza 1 Klinza Professional Cms 2026-04-23 N/A
Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter.
CVE-2008-0231 1 Tuned Studios 7 Classic Theme, Endless, Freeze Theme and 4 more 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.
CVE-2008-7240 1 Linuxwebshop 1 Php User Base 2026-04-23 N/A
Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter.
CVE-2008-4181 1 Netenberg 1 Fantastico De Luxe 2026-04-23 N/A
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2009-4205 1 Ringsworld 1 Flashlight Free Edition 2026-04-23 N/A
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
CVE-2007-5742 1 Wesnoth 1 Wesnoth 2026-04-23 N/A
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
CVE-2009-4192 1 Interspire 1 Knowledge Manager 2026-04-23 N/A
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2444 1 Adbnewssender 1 Adbnewssender 2026-04-23 N/A
Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php.
CVE-2008-4330 1 Lansuite 1 Lansuite 2026-04-23 N/A
Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter.
CVE-2008-4331 1 Phpocs 1 Phpocs 2026-04-23 N/A
Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php.
CVE-2008-4346 1 Talkback 1 Talkback 2026-04-23 N/A
Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371.
CVE-2009-2449 1 Adbnewssender 1 Adbnewssender 2026-04-23 N/A
Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter.
CVE-2009-0753 1 Mldonkey 1 Mldonkey 2026-04-23 N/A
Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
CVE-2009-4116 1 Cutephp 1 Cutenews 2026-04-23 N/A
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files.
CVE-2008-4797 1 Arihiro Kurta 1 Kantan Web Server 2026-04-23 N/A
Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.
CVE-2009-4088 1 Telepark 1 Telepark.wiki 2026-04-23 N/A
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
CVE-2008-4759 1 Buzzscripts 1 Buzzywall 2026-04-23 N/A
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.
CVE-2008-4741 1 Far-php 1 Far-php 2026-04-23 N/A
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
CVE-2008-4739 1 Plugspace 1 Plugspace 2026-04-23 N/A
Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter.