Total
6472 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-4665 | 1 Cutesoft Components | 1 Cute Editor For Asp.net | 2024-08-07 | N/A |
Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
CVE-2009-4581 | 1 Roseonlinecms | 1 Roseonlinecms | 2024-08-07 | 9.8 Critical |
Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter. | ||||
CVE-2009-4627 | 1 Dan Brown | 1 Moa Gallery | 2024-08-07 | N/A |
Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614. | ||||
CVE-2009-4427 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2024-08-07 | N/A |
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. | ||||
CVE-2009-4426 | 1 Launchpad | 1 Ignition | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php. | ||||
CVE-2009-4421 | 1 Alexander Palmo | 1 Simple Php Blog | 2024-08-07 | N/A |
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter. | ||||
CVE-2009-4434 | 1 Idevspot | 1 Isupport | 2024-08-07 | N/A |
Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter. | ||||
CVE-2009-4449 | 1 Mybboard | 1 Mybb | 2024-08-07 | 6.5 Medium |
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php. | ||||
CVE-2009-4415 | 1 Phpgroupware | 1 Phpgroupware | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php. | ||||
CVE-2009-4435 | 1 Compmaster.prv.pl | 1 F3site | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php. | ||||
CVE-2009-4315 | 1 Nuggetz | 1 Nuggetz Cms | 2024-08-07 | N/A |
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code. | ||||
CVE-2009-4261 | 1 Roman Marxer | 1 Ganeti | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." | ||||
CVE-2009-4205 | 1 Ringsworld | 1 Flashlight Free Edition | 2024-08-07 | N/A |
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | ||||
CVE-2009-4194 | 1 Kmint21 | 1 Golden Ftp Server | 2024-08-07 | 8.1 High |
Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information. | ||||
CVE-2009-4202 | 2 Joomla, Omilenitsolutions | 2 Joomla\!, Com Omphotogallery | 2024-08-07 | N/A |
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. | ||||
CVE-2009-4216 | 1 Klinza | 1 Klinza Professional Cms | 2024-08-07 | N/A |
Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter. | ||||
CVE-2009-4088 | 1 Telepark | 1 Telepark.wiki | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php. | ||||
CVE-2009-4116 | 1 Cutephp | 1 Cutenews | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files. | ||||
CVE-2009-3898 | 2 F5, Nginx | 2 Nginx, Nginx | 2024-08-07 | N/A |
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. | ||||
CVE-2009-3902 | 2 Cherokee, Microsoft | 2 Cherokee Httpd, Windows | 2024-08-07 | N/A |
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL. |