Filtered by CWE-22
Total 9495 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-2546 1 Anelectron 1 Advanced Electron Forum 2026-04-23 N/A
Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0602 1 All Club Cms 1 All Club Cms 2026-04-23 N/A
Directory traversal vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the class_name parameter.
CVE-2007-6648 1 Sanybee Gallery 1 Sanybee Gallery 2026-04-23 N/A
Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
CVE-2008-6901 1 2532gigs 1 2532gigs 2026-04-23 N/A
Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585.
CVE-2009-2166 2 Ocsinventory-ng, Unix 2 Ocs Inventory Ng, Unix 2026-04-23 N/A
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
CVE-2008-1565 2 Hotscripts, Phpbb 2 Pjirc, Pjirc Module 2026-04-23 N/A
Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
CVE-2009-3181 1 Anantasoft 1 Gazelle Cms 2026-04-23 N/A
Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the customizetemplate parameter in a direct request to admin/settemplate.php.
CVE-2007-4902 1 Ultra Shareware 1 Ultra Crypto Component 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method.
CVE-2008-1537 1 Powerscripts 1 Powerbook 2026-04-23 N/A
Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-2779 1 Globalscape 1 Cuteftp 2026-04-23 N/A
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2007-6662 1 Cutephp 1 Cutenews 2026-04-23 N/A
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.
CVE-2008-3365 2 Microsoft, Pixelpost 7 Windows, Windows-nt, Windows 2000 and 4 more 2026-04-23 N/A
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
CVE-2008-6195 1 Landesk 1 Landesk Management Suite 2026-04-23 N/A
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643.
CVE-2007-4820 1 Sisfo Kampus 1 Sisfo Kampus 2026-04-23 N/A
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.
CVE-2007-6612 1 Mongrel 1 Mongrel 2026-04-23 N/A
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").
CVE-2007-3936 1 A-shop 1 A-shop 2026-04-23 N/A
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter.
CVE-2008-3087 1 Kasseler-cms 1 Kasseler Cms 2026-04-23 N/A
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
CVE-2007-6554 1 George Lewe 1 Teamcal Pro 2026-04-23 N/A
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.
CVE-2008-2942 1 Mercurial 1 Mercurial 2026-04-23 N/A
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.
CVE-2009-0680 1 Netgear 1 Ssl312 2026-04-23 N/A
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.