Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
Max CVSS
5.0
EPSS Score
1.06%
Published
2008-12-31
Updated
2017-09-29
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
Max CVSS
6.8
EPSS Score
2.72%
Published
2008-12-31
Updated
2018-10-11
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
Max CVSS
5.4
EPSS Score
1.50%
Published
2008-12-31
Updated
2018-10-11
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Max CVSS
7.5
EPSS Score
0.48%
Published
2008-12-30
Updated
2017-09-29
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
Max CVSS
7.5
EPSS Score
0.45%
Published
2008-12-30
Updated
2017-09-29
Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
1.68%
Published
2008-12-30
Updated
2017-09-29
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
Max CVSS
8.1
EPSS Score
11.93%
Published
2008-12-29
Updated
2024-01-26
Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/.
Max CVSS
5.1
EPSS Score
0.64%
Published
2008-12-26
Updated
2017-09-29
Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.44%
Published
2008-12-26
Updated
2017-08-08
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Max CVSS
7.5
EPSS Score
0.80%
Published
2008-12-17
Updated
2018-10-11
Directory traversal vulnerability in the media server in Orb Networks Orb before 2.01.0022 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP GET request.
Max CVSS
7.8
EPSS Score
0.60%
Published
2008-12-17
Updated
2017-08-08
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
Max CVSS
5.0
EPSS Score
2.40%
Published
2008-12-17
Updated
2017-09-29
Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter.
Max CVSS
4.3
EPSS Score
3.11%
Published
2008-12-17
Updated
2017-09-29
Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
Max CVSS
6.8
EPSS Score
2.10%
Published
2008-12-16
Updated
2017-09-29
Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter.
Max CVSS
5.0
EPSS Score
1.14%
Published
2008-12-16
Updated
2017-09-29
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
Max CVSS
7.5
EPSS Score
2.97%
Published
2008-12-16
Updated
2017-09-29
Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
Max CVSS
7.5
EPSS Score
1.99%
Published
2008-12-16
Updated
2017-09-29
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
Max CVSS
4.3
EPSS Score
2.33%
Published
2008-12-16
Updated
2017-09-29
Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter.
Max CVSS
5.0
EPSS Score
0.34%
Published
2008-12-15
Updated
2018-10-11
Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Max CVSS
6.8
EPSS Score
1.50%
Published
2008-12-15
Updated
2017-09-29
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
Max CVSS
5.1
EPSS Score
0.73%
Published
2008-12-10
Updated
2017-09-29
Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.45%
Published
2008-12-03
Updated
2018-10-11
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
Max CVSS
6.4
EPSS Score
0.57%
Published
2008-12-01
Updated
2017-08-08
Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165.
Max CVSS
7.5
EPSS Score
2.97%
Published
2008-12-01
Updated
2017-09-29
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
Max CVSS
7.5
EPSS Score
3.50%
Published
2008-11-28
Updated
2017-08-08
363 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!