Total
6542 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4449 | 1 Mybboard | 1 Mybb | 2024-11-21 | 6.3 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php. | |||||
| CVE-2009-4435 | 1 Compmaster.prv.pl | 1 F3site | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php. | |||||
| CVE-2009-4434 | 1 Idevspot | 1 Isupport | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter. | |||||
| CVE-2009-4427 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. | |||||
| CVE-2009-4426 | 1 Launchpad | 1 Ignition | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php. | |||||
| CVE-2009-4421 | 1 Alexander Palmo | 1 Simple Php Blog | 2024-11-21 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter. | |||||
| CVE-2009-4415 | 1 Phpgroupware | 1 Phpgroupware | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php. | |||||
| CVE-2009-4383 | 1 Rocomotion | 1 P Forum | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors. | |||||
| CVE-2009-4374 | 1 Alienvault | 1 Open Source Security Information Management | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. | |||||
| CVE-2009-4315 | 1 Nuggetz | 1 Nuggetz Cms | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code. | |||||
| CVE-2009-4261 | 1 Roman Marxer | 1 Ganeti | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." | |||||
| CVE-2009-4231 | 1 Basic-cms | 1 Sweetrice | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter. | |||||
| CVE-2009-4216 | 1 Klinza | 1 Klinza Professional Cms | 2024-11-21 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter. | |||||
| CVE-2009-4205 | 1 Ringsworld | 1 Flashlight Free Edition | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||||
| CVE-2009-4202 | 2 Joomla, Omilenitsolutions | 2 Joomla\!, Com Omphotogallery | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. | |||||
| CVE-2009-4194 | 1 Kmint21 | 1 Golden Ftp Server | 2024-11-21 | 6.0 MEDIUM | 8.1 HIGH |
| Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4192 | 1 Interspire | 1 Knowledge Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4154 | 1 Elxis | 1 Elxis Cms | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2009-4116 | 1 Cutephp | 1 Cutenews | 2024-11-21 | 3.5 LOW | N/A |
| Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files. | |||||
| CVE-2009-4088 | 1 Telepark | 1 Telepark.wiki | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php. | |||||