Search Results (9562 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0766 1 Bookelves 1 Kipper 2026-04-23 N/A
Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7117 1 Kubix 1 Kubix 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.
CVE-2008-0758 1 Group Logic 2 Extremez-ip File Server, Extremez-ip Print Server 2026-04-23 N/A
Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename.
CVE-2007-4829 3 Archive\, Canonical, Redhat 3 \, Ubuntu Linux, Enterprise Linux 2026-04-23 N/A
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
CVE-2009-4231 1 Basic-cms 1 Sweetrice 2026-04-23 N/A
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
CVE-2009-3211 1 Dimofinf 1 Infinity Script 2026-04-23 N/A
Directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the options[style_dir] parameter to the default URI.
CVE-2008-0465 1 Seagullproject.org 1 Seagull 2026-04-23 N/A
Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
CVE-2009-4216 1 Klinza 1 Klinza Professional Cms 2026-04-23 N/A
Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter.
CVE-2008-6222 2 Joomla, Joomlashowroom 2 Joomla, Pro Desk Support Center 2026-04-23 N/A
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
CVE-2009-3284 1 Phpspot 6 Php \& Css Bbs, Php Bbs, Php Bbs Ce and 3 more 2026-04-23 N/A
Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2008-4773 1 Questwork 1 Questcms 2026-04-23 N/A
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
CVE-2008-6424 1 Jun Sota 1 Ffftp 2026-04-23 N/A
Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot).
CVE-2009-4205 1 Ringsworld 1 Flashlight Free Edition 2026-04-23 N/A
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
CVE-2009-0244 1 Microsoft 1 Windows Mobile 2026-04-23 8.8 High
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2007-5620 1 Zehnet 1 Zz Flashchat 2026-04-23 N/A
Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter.
CVE-2009-3181 1 Anantasoft 1 Gazelle Cms 2026-04-23 N/A
Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the customizetemplate parameter in a direct request to admin/settemplate.php.
CVE-2009-2600 1 Akiva 1 Webboard 2026-04-23 N/A
Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
CVE-2009-4202 2 Joomla, Omilenitsolutions 2 Joomla\!, Com Omphotogallery 2026-04-23 N/A
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
CVE-2007-6623 1 Zeuscms 1 Zeuscms 2026-04-23 N/A
Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter.
CVE-2008-6271 1 Tbmnet 1 Tbmnetcms 2026-04-23 N/A
Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter.