ReportizFlow
Filtered by vendor
Subscriptions
Total
9289 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6552 | 1 Auracms | 1 Auracms | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. | ||||
| CVE-2009-2110 | 1 Jnmsolutions | 1 Db Top Sites | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php. | ||||
| CVE-2008-4773 | 1 Questwork | 1 Questcms | 2026-04-23 | N/A |
| Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter. | ||||
| CVE-2010-0013 | 6 Adium, Fedoraproject, Opensuse and 3 more | 7 Adium, Fedora, Opensuse and 4 more | 2026-04-23 | 7.5 High |
| Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. | ||||
| CVE-2008-6508 | 1 Igniterealtime | 1 Openfire | 2026-04-23 | N/A |
| Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI. | ||||
| CVE-2010-0012 | 3 Debian, Opensuse, Transmissionbt | 3 Debian Linux, Opensuse, Transmission | 2026-04-23 | 8.8 High |
| Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file. | ||||
| CVE-2009-4581 | 1 Roseonlinecms | 1 Roseonlinecms | 2026-04-23 | 9.8 Critical |
| Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter. | ||||
| CVE-2009-4449 | 1 Mybb | 1 Mybb | 2026-04-23 | 6.5 Medium |
| Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php. | ||||
| CVE-2009-4435 | 1 Compmaster.prv.pl | 1 F3site | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php. | ||||
| CVE-2009-4426 | 1 Launchpad | 1 Ignition | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php. | ||||
| CVE-2009-4374 | 1 Alienvault | 1 Open Source Security Information Management | 2026-04-23 | N/A |
| Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. | ||||
| CVE-2009-3583 | 1 Sql-ledger | 1 Sql-ledger | 2026-04-23 | N/A |
| Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field. | ||||
| CVE-2008-6316 | 1 Phpmygallery | 1 Phpmygallery | 2026-04-23 | N/A |
| Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-2008-6318. | ||||
| CVE-2009-4315 | 1 Nuggetz | 1 Nuggetz Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code. | ||||
| CVE-2009-4261 | 1 Roman Marxer | 1 Ganeti | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." | ||||
| CVE-2009-4205 | 1 Ringsworld | 1 Flashlight Free Edition | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | ||||
| CVE-2009-4194 | 1 Kmint21 | 1 Golden Ftp Server | 2026-04-23 | 8.1 High |
| Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2836 | 1 Hiki | 1 Hiki | 2026-04-23 | N/A |
| Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout. | ||||
| CVE-2007-6368 | 1 Ezcontents | 1 Ezcontents | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter. | ||||
| CVE-2009-4056 | 1 Betsy | 1 Betsy Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter. | ||||