Search Results (9576 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1912 1 Webspell 1 Webspell 2026-04-23 N/A
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.
CVE-2008-0521 1 Bubbling Library 1 Bubbling Library 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
CVE-2008-2889 1 Wise-ftp 1 Wise-ftp 2026-04-23 N/A
Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2009-2313 1 Jinzora 1 Jinzora 2026-04-23 N/A
Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter.
CVE-2008-6335 1 Emetrix 1 Online Keyword Research Tool 2026-04-23 N/A
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2009-2338 1 Freewebshop 1 Freewebshop 2026-04-23 N/A
Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter.
CVE-2008-0091 1 Agency4net 1 Webftp 2026-04-23 N/A
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-0156 1 Million Dollar Script 1 Million Dollar Script 2026-04-23 N/A
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.
CVE-2008-6410 1 Brian Wilson 1 Ol\'bookmarks 2026-04-23 N/A
Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
CVE-2009-2444 1 Adbnewssender 1 Adbnewssender 2026-04-23 N/A
Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php.
CVE-2008-2966 1 Jaxultrabb 1 Jaxultrabb 2026-04-23 N/A
Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information.
CVE-2009-1911 2 Claudio Klingler, Tinywebgallery 2 Quixplorer, Tinywebgallery 2026-04-23 N/A
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php.
CVE-2007-4820 1 Sisfo Kampus 1 Sisfo Kampus 2026-04-23 N/A
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.
CVE-2009-3123 1 Visavi 1 Wap-motor 2026-04-23 N/A
Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter.
CVE-2007-1126 1 Xt-commerce 1 Xt-commerce 2026-04-23 N/A
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2007-5005 2 Broadcom, Ca 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites 2026-04-23 N/A
Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.
CVE-2007-5927 1 Openbase International Ltd 1 Openbase 2026-04-23 8.1 High
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
CVE-2007-4756 1 Ghisler 1 Total Commander 2026-04-23 N/A
Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2009-2333 1 Cms.tut.su 1 Cms Chainuk 2026-04-23 N/A
Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php.
CVE-2008-7055 1 Visualshapers 1 Ezcontents 2026-04-23 N/A
module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function.