Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5956 | 1 Ibm | 1 Informix Dynamic Server | 2017-07-29 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. | |||||
| CVE-2007-5920 | 1 Picoflat Cms | 1 Picoflat Cms | 2017-07-29 | 6.8 MEDIUM | N/A |
| index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5742 | 1 Wesnoth | 1 Wesnoth | 2017-07-29 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. | |||||
| CVE-2007-5454 | 1 Php File Sharing System | 1 Php File Sharing System | 2017-07-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in PHP File Sharing System 1.5.1 allows remote attackers to list or create arbitrary directories, or delete arbitrary files, as demonstrated by listing directories via a .. (dot dot) in the cam parameter. | |||||
| CVE-2007-5366 | 1 Fujitsu | 3 Interstage Application Server, Interstage Apworks, Interstage Studio | 2017-07-29 | 5.0 MEDIUM | N/A |
| The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. | |||||
| CVE-2007-5320 | 1 Pegasus Imaging | 1 Imagxpress | 2017-07-29 | 4.0 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll). | |||||
| CVE-2007-4764 | 1 Pawfaliki | 1 Pawfaliki | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. (dot dot) in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4709 | 1 Apple | 1 Mac Os X | 2017-07-29 | 8.8 HIGH | N/A |
| Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. | |||||
| CVE-2007-4683 | 1 Apple | 1 Mac Os X | 2017-07-29 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. | |||||
| CVE-2007-4663 | 1 Php | 1 Php | 2017-07-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. | |||||
| CVE-2007-4655 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2017-07-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi. | |||||
| CVE-2007-4471 | 1 Intuit | 1 Quickbooks | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2007-4220 | 1 Motorola | 1 Timbuktu | 2017-07-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services. | |||||
| CVE-2007-4062 | 1 Nessus | 1 Vulnerability Scanner | 2017-07-29 | 7.8 HIGH | N/A |
| The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability. | |||||
| CVE-2007-3874 | 1 Altiris | 1 Deployment Solution | 2017-07-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2007-3846 | 2 Subversion, Tortoisesvn | 2 Subversion, Tortoisesvn | 2017-07-29 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository. | |||||
| CVE-2007-2836 | 1 Hiki | 1 Hiki | 2017-07-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout. | |||||
| CVE-2007-1773 | 1 Unverse.net | 1 Abitwhizzy | 2017-07-29 | 2.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384. | |||||
| CVE-2007-1076 | 1 Phptraffica | 1 Phptraffica | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php. | |||||
| CVE-2007-1042 | 1 Xpression News | 1 Xpression News | 2017-07-29 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||