Total
6542 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2600 | 1 Akiva | 1 Webboard | 2024-11-21 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. | |||||
| CVE-2009-2557 | 1 Adminnewstools | 1 Admin News Tools | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter. | |||||
| CVE-2009-2552 | 1 Supersimple | 1 Super Simple Blog Script | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter. | |||||
| CVE-2009-2546 | 1 Anelectron | 1 Advanced Electron Forum | 2024-11-21 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2544 | 2 Marcelo Costa, Microsoft | 3 Fileserver, Messenger Plus\! Live, Windows Live Messenger | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname. | |||||
| CVE-2009-2449 | 1 Adbnewssender | 1 Adbnewssender | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter. | |||||
| CVE-2009-2444 | 1 Adbnewssender | 1 Adbnewssender | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php. | |||||
| CVE-2009-2398 | 1 Php-sugar | 1 Php-sugar | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter. | |||||
| CVE-2009-2397 | 1 Audioarticledirectory | 1 Audio Article Directory | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | |||||
| CVE-2009-2379 | 1 Bigace | 1 Bigace Cms | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. | |||||
| CVE-2009-2338 | 1 Freewebshop | 1 Freewebshop | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter. | |||||
| CVE-2009-2333 | 1 Cms.tut.su | 1 Cms Chainuk | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php. | |||||
| CVE-2009-2325 | 1 Clicknet | 1 Clicknet Cms | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter. | |||||
| CVE-2009-2313 | 1 Jinzora | 1 Jinzora | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. | |||||
| CVE-2009-2275 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter. | |||||
| CVE-2009-2265 | 1 Fckeditor | 1 Fckeditor | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory. | |||||
| CVE-2009-2263 | 1 Awesomephp | 1 Mega File Manager | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2009-2258 | 1 Netgear | 2 Dg632, Dg632 Firmware | 2024-11-21 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. | |||||
| CVE-2009-2229 | 1 Kasseler-cms | 1 Kasseler Cms | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2224 | 1 An Guestbook | 1 An Guestbook | 2024-11-21 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter. | |||||