Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6624 | 1 Pnphpbb | 1 Pnphpbb | 2024-11-21 | N/A |
| Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. | ||||
| CVE-2007-6623 | 1 Zeuscms | 1 Zeuscms | 2024-11-21 | N/A |
| Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter. | ||||
| CVE-2007-6621 | 1 Joovili | 1 Joovili | 2024-11-21 | N/A |
| Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. | ||||
| CVE-2007-6620 | 1 Joovili | 1 Joovili | 2024-11-21 | N/A |
| Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. | ||||
| CVE-2007-6612 | 1 Mongrel | 1 Mongrel | 2024-11-21 | N/A |
| Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e"). | ||||
| CVE-2007-6604 | 1 Xcms | 1 Xcms | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/. | ||||
| CVE-2007-6584 | 1 1024 Cms | 1 1024 Cms | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1. | ||||
| CVE-2007-6582 | 1 C97net | 1 Mblog | 2024-11-21 | N/A |
| Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action. | ||||
| CVE-2007-6581 | 1 Social Engine | 1 Social Engine | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/. | ||||
| CVE-2007-6567 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2024-11-21 | N/A |
| Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action. | ||||
| CVE-2007-6554 | 1 George Lewe | 1 Teamcal Pro | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php. | ||||
| CVE-2007-6552 | 1 Auracms | 1 Auracms | 2024-11-21 | N/A |
| Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. | ||||
| CVE-2007-6528 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter. | ||||
| CVE-2007-6508 | 1 Xecms | 1 Xecms | 2024-11-21 | N/A |
| Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter. | ||||
| CVE-2007-6483 | 1 Safenet | 2 Sentinel Keys Server, Sentinel Protection Server | 2024-11-21 | N/A |
| Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. | ||||
| CVE-2007-6475 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2024-11-21 | N/A |
| Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php. | ||||
| CVE-2007-6471 | 1 Phpay | 1 Phpay | 2024-11-21 | N/A |
| Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter. | ||||
| CVE-2007-6453 | 1 Raiden Professional Servers | 1 Raidenhttpd | 2024-11-21 | N/A |
| Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter. | ||||
| CVE-2007-6404 | 2 Microsoft, Shttp | 2 Windows, Shttp | 2024-11-21 | N/A |
| Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. | ||||
| CVE-2007-6400 | 1 Poldoc | 1 Poldoc Document Management System | 2024-11-21 | N/A |
| Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter. | ||||