Total
6472 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-1125 | 1 Podcast Generator | 1 Podcast Generator | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php. | ||||
CVE-2008-1117 | 1 Netopia | 1 Timbuktu Pro | 2024-08-07 | N/A |
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220. | ||||
CVE-2008-1042 | 1 Linux Web Shop | 1 Php Download Manager | 2024-08-07 | N/A |
Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. | ||||
CVE-2008-1000 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | ||||
CVE-2008-0946 | 1 Ipswitch | 2 Imserver, Instant Messaging | 2024-08-07 | N/A |
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. | ||||
CVE-2008-0981 | 1 Spyce | 1 Spyce | 2024-08-07 | N/A |
Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | ||||
CVE-2008-0819 | 1 Plutostatus | 1 Plutostatus Locator | 2024-08-07 | N/A |
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | ||||
CVE-2008-0905 | 1 Meo | 1 Globsy | 2024-08-07 | N/A |
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
CVE-2008-0923 | 1 Vmware | 5 Ace, Player, Vmware Player and 2 more | 2024-08-07 | N/A |
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. | ||||
CVE-2008-0840 | 1 Publicwarehouse | 1 Lightblog | 2024-08-07 | N/A |
Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter. | ||||
CVE-2008-0814 | 1 Truc | 1 Truc | 2024-08-07 | N/A |
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter. | ||||
CVE-2008-0812 | 1 Banpro | 1 Net Banpro Dms | 2024-08-07 | N/A |
Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter. | ||||
CVE-2008-0790 | 1 Intermate | 1 Winipds | 2024-08-07 | N/A |
Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||||
CVE-2008-0818 | 1 Freephpgallery | 1 Freephpgallery | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php. | ||||
CVE-2008-0822 | 1 Scribe | 1 Scribe | 2024-08-07 | N/A |
Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter. | ||||
CVE-2008-0798 | 1 Artmedic Webdesign | 1 Artmedic Weblog | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to artmedic_print.php. | ||||
CVE-2008-0794 | 1 Affiliate Market | 1 Affiliate Market | 2024-08-07 | N/A |
Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | ||||
CVE-2008-0813 | 1 Xpweb | 1 Xpweb | 2024-08-07 | N/A |
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. | ||||
CVE-2008-0797 | 1 Itheora | 1 Itheora | 2024-08-07 | N/A |
Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter. | ||||
CVE-2008-0782 | 1 Moinmoin | 1 Moinmoin | 2024-08-07 | N/A |
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. |