Security Vulnerabilities, CVEs, Published In March 2007 (Directory traversal)
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.
Max CVSS: 2.6; EPSS Score: 1.00%; Published: 2007-03-30; Updated: 2017-07-29
Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
Max CVSS: 7.5; EPSS Score: 4.74%; Published: 2007-03-28; Updated: 2017-10-11
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
Max CVSS: 7.5; EPSS Score: 1.89%; Published: 2007-03-23; Updated: 2017-10-11
Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
Max CVSS: 7.5; EPSS Score: 1.79%; Published: 2007-03-23; Updated: 2017-10-11
Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter.
Max CVSS: 7.5; EPSS Score: 1.89%; Published: 2007-03-23; Updated: 2017-10-19
Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows opening files.
Max CVSS: 5.0; EPSS Score: 0.43%; Published: 2007-03-22; Updated: 2024-04-11
Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
Max CVSS: 5.0; EPSS Score: 2.00%; Published: 2007-03-21; Updated: 2017-10-11
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.
Max CVSS: 7.5; EPSS Score: 0.73%; Published: 2007-03-20; Updated: 2018-10-16
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.
Max CVSS: 4.3; EPSS Score: 2.13%; Published: 2007-03-20; Updated: 2018-10-16
Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
Max CVSS: 4.3; EPSS Score: 1.12%; Published: 2007-03-20; Updated: 2017-10-19
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
Max CVSS: 5.0; EPSS Score: 2.00%; Published: 2007-03-20; Updated: 2017-10-10
Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter.
Max CVSS: 4.3; EPSS Score: 2.00%; Published: 2007-03-20; Updated: 2018-10-16
Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action.
Max CVSS: 5.0; EPSS Score: 1.72%; Published: 2007-03-16; Updated: 2017-10-11
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation.
Max CVSS: 7.5; EPSS Score: 0.77%; Published: 2007-03-16; Updated: 2024-04-11
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
Max CVSS: 9.0; EPSS Score: 1.60%; Published: 2007-03-14; Updated: 2018-10-16
Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
Max CVSS: 4.3; EPSS Score: 0.43%; Published: 2007-03-14; Updated: 2018-10-16
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.
Max CVSS: 5.0; EPSS Score: 1.40%; Published: 2007-03-13; Updated: 2018-10-16
Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter.
Max CVSS: 5.0; EPSS Score: 2.18%; Published: 2007-03-10; Updated: 2017-10-11
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.
Max CVSS: 6.4; EPSS Score: 2.11%; Published: 2007-03-10; Updated: 2011-03-08
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
Max CVSS: 10.0; EPSS Score: 6.37%; Published: 2007-03-07; Updated: 2018-10-16
Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Max CVSS: 7.8; EPSS Score: 2.97%; Published: 2007-03-07; Updated: 2018-10-16
Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie.
Max CVSS: 5.1; EPSS Score: 13.28%; Published: 2007-03-03; Updated: 2018-10-16
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
Max CVSS: 5.0; EPSS Score: 1.80%; Published: 2007-03-02; Updated: 2018-10-16
Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information.
Max CVSS: 5.0; EPSS Score: 0.72%; Published: 2007-03-02; Updated: 2017-10-11
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
Max CVSS: 5.0; EPSS Score: 1.09%; Published: 2007-03-02; Updated: 2018-10-16