Total
7466 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4350 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | N/A |
| Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | ||||
| CVE-2010-4798 | 1 Orangehrm | 1 Orangehrm | 2025-04-11 | N/A |
| Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter. | ||||
| CVE-2009-4886 | 1 Bernhard Frohlich | 1 Phpcom | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to module/admin/files/show_file.php and the (2) path parameter to module/admin/files/show_source.php. | ||||
| CVE-2010-3863 | 2 Apache, Jsecurity | 2 Shiro, Jsecurity | 2025-04-11 | N/A |
| Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI. | ||||
| CVE-2009-4809 | 1 Sharing-file | 1 Easy File Sharing Web Server | 2025-04-11 | N/A |
| Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter. | ||||
| CVE-2010-3867 | 1 Proftpd | 1 Proftpd | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. | ||||
| CVE-2009-4815 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-11 | N/A |
| Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2009-4790 | 1 Sysax | 1 Multi Server | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4740 | 1 Typo3 | 2 Typo3, Ws Ecard | 2025-04-11 | N/A |
| Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors. | ||||
| CVE-2009-4725 | 1 Arabportal | 1 Arab Portal | 2025-04-11 | N/A |
| Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | ||||
| CVE-2009-4723 | 1 Netpet | 1 Netpet Cms | 2025-04-11 | N/A |
| Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | ||||
| CVE-2009-4700 | 1 Skadate | 1 Skadate Online Dating Software | 2025-04-11 | N/A |
| Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter. | ||||
| CVE-2009-4683 | 1 Scriptsez | 1 Good\/bad Vote | 2025-04-11 | N/A |
| Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4679 | 2 Inertialfate, Joomla | 2 Com If Nexus, Joomla\! | 2025-04-11 | N/A |
| Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2009-4665 | 1 Cutesoft Components | 1 Cute Editor For Asp.net | 2025-04-11 | N/A |
| Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2009-4627 | 1 Dan Brown | 1 Moa Gallery | 2025-04-11 | N/A |
| Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614. | ||||
| CVE-2009-4626 | 1 Phpnagios | 1 Phpnagios | 2025-04-11 | N/A |
| Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter. | ||||
| CVE-2010-5278 | 1 Modx | 1 Modx Revolution | 2025-04-11 | N/A |
| Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-5380 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 6.7 Medium |
| Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation | ||||
| CVE-2011-2725 | 3 Canonical, Kde, Opensuse | 4 Ubuntu Linux, Ark, Kde Sc and 1 more | 2025-04-11 | N/A |
| Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. | ||||