Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3912 | 1 Tftgallery | 1 Tftgallery | 2009-11-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter. | |||||
| CVE-2009-3693 | 2 Hp, Persits | 2 Loadrunner, Xupload | 2009-10-13 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method. | |||||
| CVE-2009-3538 | 1 Allisclear | 1 Clear Content | 2009-10-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3284 | 1 Phpspot | 6 Php \& Css Bbs, Php Bbs, Php Bbs Ce and 3 more | 2009-09-24 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2009-3124 | 1 Ipmotor | 1 Quarkmail | 2009-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. (dot dot) in the tf parameter. | |||||
| CVE-2008-6505 | 1 Apache | 1 Struts | 2009-08-19 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x. | |||||
| CVE-2009-2659 | 1 Django Project | 1 Django | 2009-08-12 | 5.0 MEDIUM | N/A |
| The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. | |||||
| CVE-2009-2658 | 1 Znc | 1 Znc | 2009-08-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request. | |||||
| CVE-2008-4454 | 1 Mysql Quick Admin | 1 Mysql Quick Admin | 2009-07-23 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2449 | 1 Adbnewssender | 1 Adbnewssender | 2009-07-14 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter. | |||||
| CVE-2009-2222 | 1 Php.s3 | 1 Php-i-board | 2009-07-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail. | |||||
| CVE-2009-2132 | 1 4homepages | 1 4images | 2009-06-25 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. | |||||
| CVE-2009-1161 | 1 Cisco | 10 Ciscoworks Common Services, Ciscoworks Health And Utilization Monitor, Ciscoworks Lan Management Solution and 7 more | 2009-06-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors. | |||||
| CVE-2009-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2009-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable). | |||||
| CVE-2004-2717 | 1 Php Heaven | 1 Phpmychat | 2009-04-03 | 2.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters. | |||||
| CVE-2009-0766 | 1 Bookelves | 1 Kipper | 2009-03-06 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0615 | 1 Cisco | 2 Application Control Engine Device Manager, Application Networking Manager | 2009-03-03 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions." | |||||
| CVE-2007-6376 | 1 Francisco Burzi | 1 Php-nuke | 2008-11-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2840 | 1 Exerocms | 1 Exero Cms | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-2758 | 1 Jetty | 1 Jetty | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747. | |||||