Search Results (9580 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1488 1 Rens Rikkerink 1 Fungamez 2026-04-23 N/A
Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php.
CVE-2009-1486 1 Ninjadesigns 1 Flatchat 2026-04-23 N/A
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter.
CVE-2009-1479 1 Boxalino 1 Boxalino 2026-04-23 N/A
Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
CVE-2009-1456 1 Stephane Rajalu 1 Malleo 2026-04-23 N/A
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2009-1445 1 Ivano Culmine 1 Webportal Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php.
CVE-2009-1407 1 Wonko 1 Notftp 2026-04-23 N/A
Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a certain languages[][file] parameter.
CVE-2009-1406 1 Sweetphp 1 Totalcalendar 2026-04-23 N/A
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
CVE-2009-1405 1 Pastel 1 Pastelcms 2026-04-23 N/A
Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set_lng parameter.
CVE-2009-1368 1 Mozilo 1 Mozilocms 2026-04-23 N/A
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.
CVE-2009-1319 1 Guestcal 1 Guest Cal 2026-04-23 N/A
Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php.
CVE-2009-1318 1 Jamroom 1 Jamroom 2026-04-23 N/A
Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter.
CVE-2009-1246 1 Blogplus 1 Blogplus 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] parameter to includes/block_center_down.php; (2) row_mysql_blocks_center_top[file] includes/parameter to block_center_top.php; (3) row_mysql_blocks_left[file] parameter to includes/block_left.php; (4) row_mysql_blocks_right[file] parameter to includes/block_right.php; and row_mysql_bloginfo[theme] parameter to (5) includes/window_down.php and (6) includes/window_top.php.
CVE-2009-0722 1 Potato-scripts 1 Potato News 2026-04-23 N/A
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter.
CVE-2009-0680 1 Netgear 1 Ssl312 2026-04-23 N/A
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
CVE-2009-0645 1 Jaws 1 Jaws 2026-04-23 N/A
Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445.
CVE-2009-0640 1 Swannsecurity 1 Dvr4-securanet 2026-04-23 N/A
Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by reading the vy_netman.cfg file that contains passwords.
CVE-2009-0615 1 Cisco 2 Application Control Engine Device Manager, Application Networking Manager 2026-04-23 N/A
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."
CVE-2009-0596 1 Phpskelsite 1 Phpskelsite 2026-04-23 N/A
Directory traversal vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the TplSuffix parameter.
CVE-2009-0592 1 Pnphpbb 1 Pnphpbb2 2026-04-23 N/A
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.
CVE-2009-0570 1 Ninjadesigns 1 Mailist 2026-04-23 N/A
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from third party information.