Total
5592 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4756 | 1 Ghisler | 1 Total Commander | 2024-02-04 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-0760 | 1 Safenet | 2 Sentinel Keys Server, Sentinel Protection Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483. | |||||
| CVE-2008-0259 | 1 Minimal Design | 1 Minimal Gallery | 2024-02-04 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters. | |||||
| CVE-2007-5684 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php. | |||||
| CVE-2006-6047 | 1 Etomite | 1 Etomite | 2024-02-04 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | |||||
| CVE-2008-1042 | 1 Linux Web Shop | 1 Php Download Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. | |||||
| CVE-2007-5320 | 1 Pegasus Imaging | 1 Imagxpress | 2024-02-04 | 4.0 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll). | |||||
| CVE-2007-6672 | 1 Mortbay Jetty | 1 Jetty | 2024-02-04 | 5.0 MEDIUM | N/A |
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI. | |||||
| CVE-2007-5685 | 1 Serverkit | 1 Shttp | 2024-02-04 | 5.0 MEDIUM | N/A |
| The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree. | |||||
| CVE-2007-5820 | 1 Ax Developer Cms | 1 Ax Developer Cms | 2024-02-04 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2007-6230 | 1 Rayzz | 1 Rayzz Script | 2024-02-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter. | |||||
| CVE-2008-0814 | 1 Truc | 1 Truc | 2024-02-04 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter. | |||||
| CVE-2007-4976 | 1 Coppermine | 1 Coppermine Photo Gallery | 2024-02-04 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter. | |||||
| CVE-2008-0545 | 1 Bubbling Library | 1 Bubbling Library | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521. | |||||
| CVE-2007-0898 | 1 Clam Anti-virus | 1 Clamav | 2024-02-04 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. | |||||
| CVE-2007-6214 | 1 Learnloop | 1 Learnloop | 2024-02-04 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database. | |||||
| CVE-2007-6212 | 1 Google | 1 Kml | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter. | |||||
| CVE-2007-5417 | 1 Boastmachine | 1 Boastmachine | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-5055 | 1 Izicontents | 1 Izicontents | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php. | |||||
| CVE-2008-1178 | 1 Centreon | 1 Centreon | 2024-02-04 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119. | |||||