ReportizFlow
Filtered by vendor
Subscriptions
Total
9288 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3939 | 1 Avtech | 1 Pager Enterprise | 2026-04-23 | 7.5 High |
| Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | ||||
| CVE-2008-3851 | 2 Microsoft, Pluck | 2 Windows, Pluck | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194. | ||||
| CVE-2008-3770 | 1 Openfreeway | 1 Freeway | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677. | ||||
| CVE-2008-3723 | 1 Phpizabi | 1 Phpizabi | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3710 | 1 Hotscripts | 1 Cyboards Php Lite | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php and (c) process_edit_board.php in adminopts/. NOTE: some of these vectors might not be vulnerabilities under proper installation. | ||||
| CVE-2008-3708 | 1 Dotcms | 1 Dotcms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot. | ||||
| CVE-2009-2544 | 2 Marcelo Costa, Microsoft | 3 Fileserver, Messenger Plus\! Live, Windows Live Messenger | 2026-04-23 | N/A |
| Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname. | ||||
| CVE-2007-5446 | 1 Perfection Bytes | 1 Pbemail | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method. | ||||
| CVE-2007-5454 | 1 Php File Sharing System | 1 Php File Sharing System | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in PHP File Sharing System 1.5.1 allows remote attackers to list or create arbitrary directories, or delete arbitrary files, as demonstrated by listing directories via a .. (dot dot) in the cam parameter. | ||||
| CVE-2007-5465 | 1 Mydoop | 1 Doop Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component. | ||||
| CVE-2009-2397 | 1 Audioarticledirectory | 1 Audio Article Directory | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | ||||
| CVE-2007-5484 | 1 Wwwisis | 1 Wwwisis | 2026-04-23 | N/A |
| Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows local users to read arbitrary files via a .. (dot dot) in the IsisScript parameter to iah. | ||||
| CVE-2007-5489 | 1 Artmedic Webdesign | 1 Artmedic Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | ||||
| CVE-2009-2325 | 1 Clicknet | 1 Clicknet Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter. | ||||
| CVE-2009-2313 | 1 Jinzora | 1 Jinzora | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. | ||||
| CVE-2007-5642 | 1 Phppm | 1 Php Project Management | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) groupadm, (11) history, (12) info, (13) log, (14) mail, (15) messages, (16) organizations, (17) phones, (18) presence, (19) projects, (20) reports, (21) search, (22) snf, (23) syslog, (24) tasks, or (25) useradm subdirectory of modules/. | ||||
| CVE-2007-5650 | 1 Reloadcms | 1 Reloadcms | 2026-04-23 | N/A |
| Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php. | ||||
| CVE-2007-5674 | 1 Instaguide | 1 Weather | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter. | ||||
| CVE-2007-5685 | 1 Serverkit | 1 Shttp | 2026-04-23 | N/A |
| The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree. | ||||
| CVE-2007-5694 | 1 Sitebar | 1 Sitebar | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491. | ||||