Total
7604 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2220 | 1 Tribiq | 1 Tribiq Cms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894. | ||||
| CVE-2009-2222 | 1 Php.s3 | 1 Php-i-board | 2025-04-09 | N/A |
| Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail. | ||||
| CVE-2009-2223 | 1 Teozkr | 1 Lightopencms | 2025-04-09 | N/A |
| Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible. | ||||
| CVE-2009-2224 | 1 An Guestbook | 1 An Guestbook | 2025-04-09 | N/A |
| Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter. | ||||
| CVE-2009-2258 | 1 Netgear | 2 Dg632, Dg632 Firmware | 2025-04-09 | N/A |
| Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. | ||||
| CVE-2009-2275 | 1 Cpanel | 1 Cpanel | 2025-04-09 | N/A |
| Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter. | ||||
| CVE-2009-2313 | 1 Jinzora | 1 Jinzora | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. | ||||
| CVE-2009-2325 | 1 Clicknet | 1 Clicknet Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter. | ||||
| CVE-2009-2333 | 1 Cms.tut.su | 1 Cms Chainuk | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php. | ||||
| CVE-2009-2338 | 1 Freewebshop | 1 Freewebshop | 2025-04-09 | N/A |
| Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter. | ||||
| CVE-2009-2379 | 1 Bigace | 1 Bigace Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. | ||||
| CVE-2009-2397 | 1 Audioarticledirectory | 1 Audio Article Directory | 2025-04-09 | N/A |
| Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | ||||
| CVE-2009-2444 | 1 Adbnewssender | 1 Adbnewssender | 2025-04-09 | N/A |
| Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php. | ||||
| CVE-2009-2449 | 1 Adbnewssender | 1 Adbnewssender | 2025-04-09 | N/A |
| Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter. | ||||
| CVE-2009-2544 | 2 Marcelo Costa, Microsoft | 3 Fileserver, Messenger Plus\! Live, Windows Live Messenger | 2025-04-09 | N/A |
| Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname. | ||||
| CVE-2009-2552 | 1 Supersimple | 1 Super Simple Blog Script | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter. | ||||
| CVE-2009-2557 | 1 Adminnewstools | 1 Admin News Tools | 2025-04-09 | N/A |
| Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter. | ||||
| CVE-2009-2658 | 1 Znc | 1 Znc | 2025-04-09 | N/A |
| Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request. | ||||
| CVE-2009-2784 | 1 Ditcms | 1 Dit.cms | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors. | ||||
| CVE-2009-2787 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2025-04-09 | N/A |
| Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | ||||