Filtered by CWE-22
Total 9507 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-5149 1 Openbiblio 1 Openbiblio 2026-04-23 N/A
Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php.
CVE-2007-6397 1 Flat Php 1 Board 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action.
CVE-2007-4890 1 Microsoft 1 Visual Studio 2026-04-23 N/A
Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method.
CVE-2007-5110 1 Eb Design Pty Ltd 1 Ebcrypt 2026-04-23 N/A
Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: some of these details are obtained from third party information.
CVE-2007-6317 1 Real Time Logic 2 Barracudadrive Web Server, Barracudadrive Web Server Home Server 2026-04-23 N/A
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
CVE-2009-0753 1 Mldonkey 1 Mldonkey 2026-04-23 N/A
Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
CVE-2007-1138 1 Cromosoft 1 Simple Plantilla Php 2026-04-23 N/A
Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.
CVE-2008-2215 1 Pbcs 1 Project-based Calendaring System 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php.
CVE-2008-0521 1 Bubbling Library 1 Bubbling Library 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
CVE-2008-0981 1 Spyce 1 Spyce 2026-04-23 N/A
Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVE-2008-0338 1 Miniweb Http Server 1 Miniweb Http Server 2026-04-23 N/A
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
CVE-2008-2116 1 Scriptsez 1 Power Editor 2026-04-23 N/A
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.
CVE-2007-4805 1 Fuzzylime 1 Fuzzylime 2026-04-23 N/A
Directory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the p parameter.
CVE-2007-4457 1 Florian Mahieu 1 Dalai Forum 2026-04-23 N/A
Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter.
CVE-2008-0431 1 Idmos 1 Idmos Cms 2026-04-23 N/A
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
CVE-2009-3318 2 Breedveld, Joomla 2 Com Album, Joomla 2026-04-23 N/A
Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
CVE-2007-4825 1 Php 1 Php 2026-04-23 N/A
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
CVE-2008-6825 1 Trixbox 1 Trixbox 2026-04-23 N/A
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
CVE-2008-2017 1 Chilkat Software 1 Chicomas 2026-04-23 N/A
Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/.
CVE-2010-0348 1 C-3.co.jp 1 Webcalenderc3 2026-04-23 N/A
Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors.