Total
6541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4894 | 1 Tribiq | 1 Tribiq Cms | 2024-11-21 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c. | |||||
| CVE-2008-4875 | 1 Philips Electronics | 1 Voip841 Dect Phone | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password. | |||||
| CVE-2008-4797 | 1 Arihiro Kurta | 1 Kantan Web Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2008-4781 | 1 Easy-script | 1 Myktools | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter. | |||||
| CVE-2008-4780 | 1 Easy-script | 1 Myforum | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. | |||||
| CVE-2008-4773 | 1 Questwork | 1 Questcms | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
| CVE-2008-4769 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4764 | 2 Extplorer, Joomla | 2 Com Extplorer, Joomla\! | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | |||||
| CVE-2008-4759 | 1 Buzzscripts | 1 Buzzywall | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter. | |||||
| CVE-2008-4758 | 1 Php-daily | 1 Php-daily | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter. | |||||
| CVE-2008-4741 | 1 Far-php | 1 Far-php | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. | |||||
| CVE-2008-4740 | 1 Tinycms | 1 Tinycms | 2024-11-21 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template] parameter. | |||||
| CVE-2008-4739 | 1 Plugspace | 1 Plugspace | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter. | |||||
| CVE-2008-4718 | 1 X7 Group | 1 X7 Chat | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156. | |||||
| CVE-2008-4712 | 1 Lnblog | 1 Lnblog | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the plugin parameter. | |||||
| CVE-2008-4707 | 1 Sylvain Pasquet | 1 Bbzl Php | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a .. (dot dot) in the lien_2 parameter. | |||||
| CVE-2008-4702 | 1 Phpwebgallery | 1 Phpwebgallery | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php. | |||||
| CVE-2008-4668 | 1 Joomla | 2 Com Imagebrowser, Joomla | 2024-11-21 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. | |||||
| CVE-2008-4667 | 1 Arabcms | 1 Arabcms | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter. | |||||
| CVE-2008-4662 | 1 Lokicms | 1 Lokicms | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||