Total
7574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3486 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-09 | N/A |
| Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. | ||||
| CVE-2008-3190 | 1 1scripts | 1 Codedb | 2025-04-09 | N/A |
| Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2008-2976 | 1 Tinx Cms | 1 Tinx Cms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php. | ||||
| CVE-2008-3164 | 1 Fuzzylime | 1 Fuzzylime Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected. | ||||
| CVE-2008-3149 | 1 F5 | 1 Firepass 1200 | 2025-04-09 | N/A |
| The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB. | ||||
| CVE-2007-5802 | 1 Firewolf Technologies | 1 Synergiser | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration. | ||||
| CVE-2008-3128 | 1 Pivot | 1 Pivot | 2025-04-09 | N/A |
| Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter. | ||||
| CVE-2008-0196 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. | ||||
| CVE-2009-0932 | 1 Debian | 2 Horde, Horde Groupware | 2025-04-09 | N/A |
| Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. | ||||
| CVE-2008-2073 | 1 Virtual Design Studios | 1 Vlbook | 2025-04-09 | N/A |
| Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. | ||||
| CVE-2009-4415 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php. | ||||
| CVE-2008-3071 | 1 Mybb | 1 Mybb | 2025-04-09 | N/A |
| Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. | ||||
| CVE-2007-0205 | 1 Alexphpteam | 1 Alex Guestbook | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php. | ||||
| CVE-2008-3036 | 1 Cms Little | 1 Cms Little | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter. | ||||
| CVE-2008-0094 | 1 Modxcms | 1 Modxcms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php. | ||||
| CVE-2008-3031 | 1 Simple Php Agenda | 1 Simple Php Agenda | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | ||||
| CVE-2008-2978 | 1 Ourvideocms | 1 Ourvideo Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter. | ||||
| CVE-2008-2985 | 1 Cmreams | 1 Cmreams Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter. | ||||
| CVE-2007-1042 | 1 Xpression News | 1 Xpression News | 2025-04-09 | N/A |
| Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2974 | 1 Mm Chat | 1 Mm Chat | 2025-04-09 | N/A |
| Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter. | ||||