Search Results (9560 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0818 1 Freephpgallery 1 Freephpgallery 2026-04-23 N/A
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
CVE-2009-0457 1 Magtrb 1 Aja Portal 2026-04-23 N/A
Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module.
CVE-2008-4780 1 Easy-script 1 Myforum 2026-04-23 N/A
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.
CVE-2009-2161 1 Torrenttrader 1 Torrenttrader Classic 2026-04-23 N/A
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name.
CVE-2009-2184 1 Gravy-media 1 Media Photo Host 2026-04-23 N/A
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter.
CVE-2008-4741 1 Far-php 1 Far-php 2026-04-23 N/A
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
CVE-2008-4764 2 Extplorer, Joomla 2 Com Extplorer, Joomla\! 2026-04-23 N/A
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2008-4773 1 Questwork 1 Questcms 2026-04-23 N/A
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
CVE-2008-4781 1 Easy-script 1 Myktools 2026-04-23 N/A
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
CVE-2008-2993 1 Fog 1 Fog Forum 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) fog_lang and (2) fog_skin parameters, probably related to libs/required/share.inc; and possibly the (3) fog_pseudo, (4) fog_posted, (5) fog_password, and (6) fog_cook parameters.
CVE-2008-4797 1 Arihiro Kurta 1 Kantan Web Server 2026-04-23 N/A
Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.
CVE-2008-1885 1 Cdnetworks 1 Download Client 2026-04-23 N/A
Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2008-2969 1 Yektaweb 1 Academic Web Tools 2026-04-23 N/A
Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter.
CVE-2009-0331 1 Quirm 1 Espg 2026-04-23 N/A
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
CVE-2008-6877 1 Zen Cart 1 Zen Cart 2026-04-23 N/A
Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.
CVE-2007-1126 1 Xt-commerce 1 Xt-commerce 2026-04-23 N/A
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2007-6581 1 Social Engine 1 Social Engine 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/.
CVE-2008-6834 1 Fuzzylime 1 Fuzzylime \(cms\) 2026-04-23 N/A
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164.
CVE-2008-2978 1 Ourvideocms 1 Ourvideo Cms 2026-04-23 N/A
Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter.
CVE-2008-1861 1 Exbb 1 Exbb Italia 2026-04-23 N/A
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter.