CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2009 (Directory Traversal)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2009-4512 22 1 Dir. Trav. 2009-12-31 2010-01-11
5.1
None Remote High Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter.
2 CVE-2009-4449 22 Dir. Trav. 2009-12-29 2011-01-04
6.3
None Remote Medium Single system Complete None None
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.
3 CVE-2009-4435 22 2 Dir. Trav. 2009-12-28 2010-06-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php.
4 CVE-2009-4434 22 2 Dir. Trav. 2009-12-28 2009-12-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter.
5 CVE-2009-4427 22 1 Dir. Trav. 2009-12-28 2010-03-26
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
6 CVE-2009-4426 22 2 Dir. Trav. 2009-12-28 2010-06-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.
7 CVE-2009-4421 22 Dir. Trav. 2009-12-24 2009-12-28
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.
8 CVE-2009-4415 22 Dir. Trav. 2009-12-24 2009-12-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
9 CVE-2009-4383 22 Dir. Trav. 2009-12-22 2009-12-24
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
10 CVE-2009-4374 22 Dir. Trav. 2009-12-21 2010-06-24
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter.
11 CVE-2009-4315 22 1 Exec Code Dir. Trav. 2009-12-14 2009-12-15
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code.
12 CVE-2009-4261 20 Exec Code +Priv Dir. Trav. 2009-12-21 2009-12-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."
13 CVE-2009-4231 22 1 Dir. Trav. 2009-12-08 2009-12-09
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
14 CVE-2009-4216 22 1 Dir. Trav. 2009-12-07 2009-12-08
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter.
15 CVE-2009-4205 22 1 Dir. Trav. 2009-12-04 2009-12-07
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
16 CVE-2009-4202 22 1 Dir. Trav. 2009-12-04 2009-12-07
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
17 CVE-2009-4194 22 1 Dir. Trav. 2009-12-03 2009-12-04
6.0
None Remote Medium Single system Partial Partial Partial
Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information.
18 CVE-2009-4192 22 Dir. Trav. 2009-12-03 2009-12-04
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
19 CVE-2009-4154 22 1 Dir. Trav. 2009-12-02 2009-12-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
20 CVE-2009-4116 22 Exec Code Dir. Trav. 2009-11-30 2009-12-01
3.5
None Remote Medium Single system Partial None None
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files.
21 CVE-2009-4088 22 2 Dir. Trav. 2009-11-29 2010-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
22 CVE-2009-4056 22 Dir. Trav. 2009-11-23 2009-11-24
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter.
23 CVE-2009-4053 22 Dir. Trav. 2009-11-23 2009-11-23
4.0
None Remote Low Single system None Partial None
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
24 CVE-2009-4050 22 Dir. Trav. 2009-11-23 2009-11-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
25 CVE-2009-3912 22 1 Dir. Trav. 2009-11-09 2009-11-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.
26 CVE-2009-3902 22 Dir. Trav. 2009-11-06 2009-11-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
27 CVE-2009-3898 22 Dir. Trav. 2009-11-24 2012-06-08
4.9
None Remote Medium Single system Partial Partial None
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
28 CVE-2009-3825 22 1 Dir. Trav. 2009-10-28 2011-12-14
7.5
User Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php.
29 CVE-2009-3824 22 1 Dir. Trav. 2009-10-28 2009-10-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter.
30 CVE-2009-3823 22 1 Dir. Trav. 2009-10-28 2011-12-14
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.
31 CVE-2009-3792 22 Dir. Trav. 2009-12-21 2009-12-22
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors.
32 CVE-2009-3787 22 Dir. Trav. 2009-10-26 2009-10-27
5.0
None Remote Low Not required Partial None None
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
33 CVE-2009-3733 22 Dir. Trav. 2009-11-02 2013-05-14
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
34 CVE-2009-3728 22 Dir. Trav. 2009-11-09 2010-08-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.
35 CVE-2009-3702 22 Dir. Trav. File Inclusion 2009-12-22 2009-12-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
36 CVE-2009-3694 22 Dir. Trav. 2009-10-13 2009-10-13
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter.
37 CVE-2009-3693 22 Dir. Trav. 2009-10-13 2009-10-13
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
38 CVE-2009-3664 22 1 Dir. Trav. 2009-10-11 2009-10-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. (dot dot) in the (1) p and (2) s parameters.
39 CVE-2009-3625 22 Dir. Trav. 2009-10-26 2009-10-31
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
40 CVE-2009-3583 22 Exec Code Dir. Trav. 2009-12-23 2009-12-24
5.1
None Remote High Not required Partial Partial Partial
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.
41 CVE-2009-3561 22 1 Dir. Trav. 2009-10-05 2009-10-06
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
42 CVE-2009-3542 22 1 Dir. Trav. File Inclusion 2009-10-02 2009-10-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
43 CVE-2009-3538 22 Dir. Trav. 2009-10-02 2009-10-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
44 CVE-2009-3535 22 2 Dir. Trav. File Inclusion 2009-10-02 2009-10-05
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.
45 CVE-2009-3534 22 1 Dir. Trav. 2009-10-02 2009-10-05
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
46 CVE-2009-3515 22 1 Dir. Trav. 2009-10-01 2009-10-02
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
47 CVE-2009-3508 22 1 Dir. Trav. 2009-10-01 2009-10-01
6.0
None Remote Medium Single system Partial Partial Partial
Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php.
48 CVE-2009-3507 22 1 Dir. Trav. 2009-10-01 2009-12-08
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter.
49 CVE-2009-3451 22 Dir. Trav. 2009-09-29 2009-09-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors.
50 CVE-2009-3425 22 1 Dir. Trav. 2009-09-25 2009-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter.
Total number of vulnerabilities: 322 (page 1 of 7)