Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0094 | 1 Modxcms | 1 Modxcms | 2024-11-21 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php. | |||||
| CVE-2008-0091 | 1 Agency4net | 1 Webftp | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-0068 | 1 Hp | 1 Openview Network Node Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter. | |||||
| CVE-2007-6736 | 1 G.rodola | 1 Pyftpdlib | 2024-11-21 | 6.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command. | |||||
| CVE-2007-6672 | 1 Mortbay Jetty | 1 Jetty | 2024-11-21 | 5.0 MEDIUM | N/A |
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI. | |||||
| CVE-2007-6662 | 1 Cutephp | 1 Cutenews | 2024-11-21 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php. | |||||
| CVE-2007-6653 | 1 Mihalism | 1 Multi Host | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-6651 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter. | |||||
| CVE-2007-6648 | 1 Sanybee Gallery | 1 Sanybee Gallery | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. | |||||
| CVE-2007-6624 | 1 Pnphpbb | 1 Pnphpbb | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. | |||||
| CVE-2007-6623 | 1 Zeuscms | 1 Zeuscms | 2024-11-21 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter. | |||||
| CVE-2007-6621 | 1 Joovili | 1 Joovili | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. | |||||
| CVE-2007-6620 | 1 Joovili | 1 Joovili | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. | |||||
| CVE-2007-6612 | 1 Mongrel | 1 Mongrel | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e"). | |||||
| CVE-2007-6604 | 1 Xcms | 1 Xcms | 2024-11-21 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/. | |||||
| CVE-2007-6584 | 1 1024 Cms | 1 1024 Cms | 2024-11-21 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1. | |||||
| CVE-2007-6582 | 1 C97net | 1 Mblog | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action. | |||||
| CVE-2007-6581 | 1 Social Engine | 1 Social Engine | 2024-11-21 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/. | |||||
| CVE-2007-6567 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action. | |||||
| CVE-2007-6554 | 1 George Lewe | 1 Teamcal Pro | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php. | |||||