Filtered by CWE-22
Total 9509 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-3708 1 Dotcms 1 Dotcms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
CVE-2007-5491 1 Sitebar 1 Sitebar 2026-04-23 N/A
Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.
CVE-2008-3128 1 Pivot 1 Pivot 2026-04-23 N/A
Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
CVE-2008-2512 1 Symantec 1 Backupexec System Recovery 2026-04-23 N/A
Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2009-3535 1 Allisclear 1 Clear Content 2026-04-23 N/A
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.
CVE-2007-5776 1 Blue-collar Productions 1 I-gallery 2026-04-23 N/A
Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence.
CVE-2009-2183 1 Campware.org 1 Campsite 2026-04-23 N/A
Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter.
CVE-2008-2969 1 Yektaweb 1 Academic Web Tools 2026-04-23 N/A
Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter.
CVE-2007-5694 1 Sitebar 1 Sitebar 2026-04-23 N/A
Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491.
CVE-2008-0338 1 Miniweb Http Server 1 Miniweb Http Server 2026-04-23 N/A
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
CVE-2007-6620 1 Joovili 1 Joovili 2026-04-23 N/A
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
CVE-2008-6083 1 Txtshop 1 Txtshop 2026-04-23 N/A
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2009-1519 1 Pecio-cms 1 Pecio Cms 2026-04-23 N/A
Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.
CVE-2009-1502 1 Matteoiammarrone 1 S-cms 2026-04-23 N/A
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
CVE-2008-2894 1 Nch Software 1 Nch Software Classic Ftp 2026-04-23 N/A
Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2009-2037 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php.
CVE-2007-6672 1 Mortbay Jetty 1 Jetty 2026-04-23 N/A
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
CVE-2007-4663 1 Php 1 Php 2026-04-23 N/A
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
CVE-2007-4008 1 Entertainment Cms 1 Entertainment Cms 2026-04-23 N/A
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.
CVE-2009-4194 1 Kmint21 1 Golden Ftp Server 2026-04-23 8.1 High
Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information.