Export limit exceeded: 363761 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363761 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9581 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1774 1 Strawberry 1 Strawberry 2026-04-23 N/A
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-2258 1 Netgear 2 Dg632, Dg632 Firmware 2026-04-23 N/A
Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter.
CVE-2008-3149 1 F5 1 Firepass 1200 2026-04-23 N/A
The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB.
CVE-2008-0521 1 Bubbling Library 1 Bubbling Library 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
CVE-2009-3515 1 Marcin Manek 1 D.net Cms 2026-04-23 N/A
Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
CVE-2009-3898 2 F5, Nginx 2 Nginx, Nginx 2026-04-23 N/A
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
CVE-2008-0513 1 Phpcms 1 Phpcms 2026-04-23 N/A
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
CVE-2008-1415 1 Riceball 1 Multiple Time Sheets 2026-04-23 N/A
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
CVE-2007-6623 1 Zeuscms 1 Zeuscms 2026-04-23 N/A
Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter.
CVE-2009-4427 1 Phpldapadmin Project 1 Phpldapadmin 2026-04-23 N/A
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
CVE-2008-6668 1 Dirk Bartley 1 Nweb2fax 2026-04-23 N/A
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.
CVE-2008-6659 1 Simple Machines 1 Simple Machines Forum 2026-04-23 N/A
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
CVE-2009-0722 1 Potato-scripts 1 Potato News 2026-04-23 N/A
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter.
CVE-2008-0479 1 Web Wiz 1 Newspad 2026-04-23 N/A
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
CVE-2009-0371 1 Sitexs Cms 1 Sitexs Cms 2026-04-23 N/A
Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
CVE-2009-2265 1 Fckeditor 1 Fckeditor 2026-04-23 N/A
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
CVE-2009-2444 1 Adbnewssender 1 Adbnewssender 2026-04-23 N/A
Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php.
CVE-2009-4426 1 Launchpad 1 Ignition 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.
CVE-2009-3507 1 Jean-michel Wyttenbach 1 Cmsphp 2026-04-23 N/A
Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter.
CVE-2008-3150 1 Neutrino-cms 1 Atomic Edition 2026-04-23 N/A
Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php.