Filtered by CWE-22
Total 9490 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-1652 1 Perlbal 1 Perlbal 2026-04-23 N/A
Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-2091 1 Kubelabs 1 Kubelance 2026-04-23 N/A
Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter.
CVE-2008-1371 1 Drake Team 1 Drake Cms 2026-04-23 N/A
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3366 1 Plohni 1 An Image Gallery 2026-04-23 N/A
Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
CVE-2007-5069 1 Massimo Chioni 1 Mobile Entertainment Module 2026-04-23 N/A
Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter.
CVE-2008-0545 1 Bubbling Library 1 Bubbling Library 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.
CVE-2008-1653 1 Savas Place 1 Savas Link Manager 2026-04-23 N/A
Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3846 2 Subversion, Tortoisesvn 2 Subversion, Tortoisesvn 2026-04-23 N/A
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
CVE-2009-4581 1 Roseonlinecms 1 Roseonlinecms 2026-04-23 9.8 Critical
Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter.
CVE-2008-1564 1 File-transfer 1 File Transfer 2026-04-23 N/A
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.
CVE-2009-0113 1 Joomla 2 Joomla, Xstandard 2026-04-23 N/A
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
CVE-2008-4668 1 Joomla 2 Com Imagebrowser, Joomla 2026-04-23 N/A
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
CVE-2008-1571 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
CVE-2009-0392 1 Motorola 1 Cpei300 2026-04-23 N/A
Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.
CVE-2009-3167 1 Anantasoft 1 Gazelle Cms 2026-04-23 N/A
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2009-2449 1 Adbnewssender 1 Adbnewssender 2026-04-23 N/A
Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter.
CVE-2008-1642 1 Savas Place 1 Savas Guestbook 2026-04-23 N/A
Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1857 1 Mole 1 Make Our Life Easy 2026-04-23 N/A
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
CVE-2009-4435 1 Compmaster.prv.pl 1 F3site 2026-04-23 N/A
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php.
CVE-2008-1324 1 Leinir 1 Travelsized Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters. NOTE: this might be the same issue as CVE-2008-1325.