Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2665 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run. | |||||
| CVE-2008-2650 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. | |||||
| CVE-2008-2635 | 1 Barad Dur | 1 Bitkinex | 2024-11-21 | 9.3 HIGH | N/A |
| Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-2534 | 1 Fkrauthan | 1 Phoenix View Cms | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter. | |||||
| CVE-2008-2519 | 1 Core Ftp | 1 Core Ftp | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-2512 | 1 Symantec | 1 Backupexec System Recovery | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2008-2511 | 1 Ca | 1 Internet Security Suite Plus 2008 | 2024-11-21 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2495 | 1 Pancake | 1 Zina | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to have an unknown impact via a .. (dot dot) in the p parameter. | |||||
| CVE-2008-2483 | 1 Xomol | 1 Xomol Cms | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the op parameter. | |||||
| CVE-2008-2482 | 1 Insanevisions | 1 Onecms | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install_mod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter in a go action. | |||||
| CVE-2008-2459 | 1 Entertainmentscript | 1 Entertainmentscript | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in page.php in EntertainmentScript 1.4.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2008-2439 | 1 Trend Micro | 2 Officescan, Worry Free Business Security | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2415 | 1 Digitalhive | 1 Digitalhive | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in template/purpletech/base_include.php in DigitalHive (aka hive) 2.0 RC2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-2403 | 1 Sun | 1 Java Asp Server | 2024-11-21 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method. | |||||
| CVE-2008-2399 | 2 Fireftp, Mozilla | 2 Fireftp, Firefox | 2024-11-21 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-2370 | 1 Apache | 1 Tomcat | 2024-11-21 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. | |||||
| CVE-2008-2355 | 1 Wr-script | 1 Wr-meeting | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event. | |||||
| CVE-2008-2353 | 1 Gnugallery | 1 Gnugallery | 2024-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | |||||
| CVE-2008-2352 | 1 Smeego | 1 Smeego | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie. | |||||
| CVE-2008-2350 | 1 Bcoos | 1 Bcoos | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. | |||||