Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0113 | 1 Joomla | 2 Joomla, Xstandard | 2024-11-21 | N/A |
| Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. | ||||
| CVE-2008-7262 | 1 G.rodola | 1 Pyftpdlib | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command. | ||||
| CVE-2008-7254 | 1 Ermenegildo Fiorito | 1 Irmin Cms | 2024-11-21 | N/A |
| Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-7240 | 1 Linuxwebshop | 1 Php User Base | 2024-11-21 | N/A |
| Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter. | ||||
| CVE-2008-7178 | 1 Xoops | 2 Uploader, Xoops | 2024-11-21 | N/A |
| Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php. | ||||
| CVE-2008-7176 | 1 Celina Jorge | 1 Facil Cms | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) change_lang parameter to index.php or (2) modload parameter to modules.php. | ||||
| CVE-2008-7163 | 1 Sinecms | 1 Sinecms | 2024-11-21 | N/A |
| Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter. | ||||
| CVE-2008-7142 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter. | ||||
| CVE-2008-7110 | 1 Kyoceramita | 1 Scanner File Utility | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a .. (dot dot) in a request. | ||||
| CVE-2008-7093 | 1 Unica | 1 Affinium Campaign | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to (1) create arbitrary directories or files via a .. (dot dot) in the folder name in the new folder functionality or (2) list arbitrary files via a crafted request to Campaign/CampaignListener. | ||||
| CVE-2008-7090 | 1 Pligg | 1 Pligg Cms | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php. | ||||
| CVE-2008-7084 | 1 Hirschelectronics | 1 Velocity Security Management System | 2024-11-21 | N/A |
| Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||||
| CVE-2008-7064 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2024-11-21 | N/A |
| Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file. | ||||
| CVE-2008-7055 | 1 Visualshapers | 1 Ezcontents | 2024-11-21 | N/A |
| module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function. | ||||
| CVE-2008-7054 | 1 Visualshapers | 1 Ezcontents | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home parameters to modules/diary/showdiarydetail.php; (6) gsLanguage and (7) language_home parameters to modules/diary/submit_diary.php; (8) admin_home parameter to modules/news/news_summary.php; (9) nLink, (10) gsLanguage, and (11) language_home parameters to modules/news/inlinenews.php; and possibly other unspecified vectors in (12) diary/showeventlist.php, (13) gallery/showgallery.php, (14) reviews/showreviews.php, (15) gallery/showgallerydetails.php, (16) reviews/showreviewsdetails.php, (17) news/shownewsdetails.php, (18) gallery/submit_gallery.php, (19) guestbook/submit_guestbook.php, (20) reviews/submit_reviews.php, (21) news/submit_news.php, (22) diary/inlineeventlist.php, and (23) news/archivednews_summary.php in modules/, related to the lack of directory traversal protection in modules/moduleSec.php. | ||||
| CVE-2008-6933 | 1 Minigal | 1 Minigal | 2024-11-21 | N/A |
| Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. (dot dot) in the list parameter. | ||||
| CVE-2008-6926 | 2 Cpanel, Netenberg | 2 Cpanel, Fantastico De Luxe | 2024-11-21 | N/A |
| Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory. | ||||
| CVE-2008-6901 | 1 2532gigs | 1 2532gigs | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585. | ||||
| CVE-2008-6884 | 1 Xoops | 1 Xoops | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/. | ||||
| CVE-2008-6878 | 1 Zen Cart | 1 Zen Cart | 2024-11-21 | N/A |
| Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths. | ||||