CVE-2009-3733

Public exploit
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
5.0
EPSS Score
95.72%
Published
2009-11-02
Updated
2018-10-10

CVE-2009-3693

Public exploit
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
Max CVSS
9.3
EPSS Score
89.90%
Published
2009-10-13
Updated
2009-10-13

CVE-2009-2265

Public exploit
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Max CVSS
7.5
EPSS Score
97.27%
Published
2009-07-05
Updated
2021-06-24

CVE-2009-1730

Public exploit
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.
Max CVSS
10.0
EPSS Score
83.70%
Published
2009-05-20
Updated
2017-08-17

CVE-2009-0880

Public exploit
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
Max CVSS
6.8
EPSS Score
31.75%
Published
2009-03-12
Updated
2018-10-10

CVE-2008-6825

Public exploit
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
Max CVSS
6.8
EPSS Score
9.08%
Published
2009-06-05
Updated
2017-09-29

CVE-2008-6508

Public exploit
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.
Max CVSS
7.5
EPSS Score
60.90%
Published
2009-03-23
Updated
2018-10-11
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter.
Max CVSS
5.1
EPSS Score
2.20%
Published
2009-12-31
Updated
2017-08-17
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.
Max CVSS
6.5
EPSS Score
0.39%
Published
2009-12-29
Updated
2024-01-26
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php.
Max CVSS
6.8
EPSS Score
0.39%
Published
2009-12-28
Updated
2017-08-17
Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter.
Max CVSS
5.0
EPSS Score
0.31%
Published
2009-12-28
Updated
2009-12-29
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
Max CVSS
7.5
EPSS Score
1.10%
Published
2009-12-28
Updated
2020-11-16
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.
Max CVSS
6.8
EPSS Score
0.64%
Published
2009-12-28
Updated
2017-08-17
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.
Max CVSS
6.5
EPSS Score
0.43%
Published
2009-12-24
Updated
2018-10-10
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
Max CVSS
7.5
EPSS Score
1.80%
Published
2009-12-24
Updated
2017-08-17
Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
Max CVSS
5.0
EPSS Score
0.27%
Published
2009-12-22
Updated
2009-12-24
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter.
Max CVSS
7.5
EPSS Score
0.52%
Published
2009-12-21
Updated
2010-06-24
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code.
Max CVSS
6.8
EPSS Score
7.52%
Published
2009-12-14
Updated
2017-08-17
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."
Max CVSS
7.5
EPSS Score
0.29%
Published
2009-12-21
Updated
2018-10-10
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
Max CVSS
7.5
EPSS Score
0.53%
Published
2009-12-08
Updated
2009-12-09
Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter.
Max CVSS
9.3
EPSS Score
0.35%
Published
2009-12-07
Updated
2017-08-17
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
Max CVSS
7.5
EPSS Score
0.53%
Published
2009-12-04
Updated
2017-09-19
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
Max CVSS
7.5
EPSS Score
1.96%
Published
2009-12-04
Updated
2017-09-19
Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information.
Max CVSS
8.1
EPSS Score
0.59%
Published
2009-12-03
Updated
2024-01-26
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
0.82%
Published
2009-12-03
Updated
2009-12-04
323 vulnerabilities found