Total
9507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6581 | 1 Social Engine | 1 Social Engine | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/. | ||||
| CVE-2007-6317 | 1 Real Time Logic | 2 Barracudadrive Web Server, Barracudadrive Web Server Home Server | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/. | ||||
| CVE-2007-6331 | 1 Hp | 2 Info Center, Quick Launch Button | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista. | ||||
| CVE-2008-2017 | 1 Chilkat Software | 1 Chicomas | 2026-04-23 | N/A |
| Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/. | ||||
| CVE-2008-2650 | 1 Cmsimple | 1 Cmsimple | 2026-04-23 | N/A |
| Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. | ||||
| CVE-2007-1126 | 1 Xt-commerce | 1 Xt-commerce | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | ||||
| CVE-2008-1534 | 1 Powerscripts | 1 Powerphpboard | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php. | ||||
| CVE-2008-1933 | 1 Microsoft | 1 Zune Software | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run. | ||||
| CVE-2008-1884 | 1 Wikepage | 1 Opus | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to read arbitrary files via directory traversal sequences in the wiki parameter, a different vector than CVE-2006-4418. | ||||
| CVE-2007-4764 | 1 Pawfaliki | 1 Pawfaliki | 2026-04-23 | N/A |
| Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. (dot dot) in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6368 | 1 Ezcontents | 1 Ezcontents | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter. | ||||
| CVE-2008-1696 | 1 Dazphp | 1 Dazphpnews | 2026-04-23 | N/A |
| Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter. | ||||
| CVE-2008-1799 | 1 Sabros.us | 1 Sabros.us | 2026-04-23 | N/A |
| Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. | ||||
| CVE-2009-1912 | 1 Webspell | 1 Webspell | 2026-04-23 | N/A |
| Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php. | ||||
| CVE-2008-1751 | 1 Ksemail | 1 Ksemail | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters. | ||||
| CVE-2007-6344 | 1 Mcms | 1 Easy Web Make | 2026-04-23 | N/A |
| Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. | ||||
| CVE-2008-0615 | 1 Dmsguestbook Project | 1 Dmsguestbook | 2026-04-23 | N/A |
| Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters. | ||||
| CVE-2009-2132 | 1 4homepages | 1 4images | 2026-04-23 | N/A |
| Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. | ||||
| CVE-2008-1730 | 1 Arwscripts | 1 Gallery Script Lite | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter. | ||||
| CVE-2008-1571 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | ||||