Total
6468 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-0931 | 1 Pear | 1 Pear Archive Tar | 2024-08-07 | N/A |
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | ||||
CVE-2006-0795 | 1 Thomastsoi | 1 Quirex | 2024-08-07 | N/A |
Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables. | ||||
CVE-2006-0871 | 1 Mambo | 1 Mambo | 2024-08-07 | N/A |
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector. | ||||
CVE-2006-0434 | 1 Phpxplorer | 1 Phpxplorer | 2024-08-07 | N/A |
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability. | ||||
CVE-2006-0223 | 1 Topcmm Computing | 1 123 Flash Chat Server | 2024-08-07 | N/A |
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field. | ||||
CVE-2007-6672 | 1 Mortbay Jetty | 1 Jetty | 2024-08-07 | N/A |
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI. | ||||
CVE-2007-6653 | 1 Mihalism | 1 Multi Host | 2024-08-07 | N/A |
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
CVE-2007-6662 | 1 Cutephp | 1 Cutenews | 2024-08-07 | N/A |
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php. | ||||
CVE-2007-6651 | 1 Bitweaver | 1 Bitweaver | 2024-08-07 | N/A |
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter. | ||||
CVE-2007-5811 | 1 Phpmyconferences | 1 Phpmyconferences | 2024-08-07 | N/A |
Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed | ||||
CVE-2007-5364 | 1 Viart | 1 Shopping Cart | 2024-08-07 | N/A |
Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php | ||||
CVE-2007-6648 | 1 Sanybee Gallery | 1 Sanybee Gallery | 2024-08-07 | N/A |
Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. | ||||
CVE-2007-6552 | 1 Auracms | 1 Auracms | 2024-08-07 | N/A |
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. | ||||
CVE-2007-6471 | 1 Phpay | 1 Phpay | 2024-08-07 | N/A |
Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter. | ||||
CVE-2007-6621 | 1 Joovili | 1 Joovili | 2024-08-07 | N/A |
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. | ||||
CVE-2007-6623 | 1 Zeuscms | 1 Zeuscms | 2024-08-07 | N/A |
Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter. | ||||
CVE-2007-6584 | 1 1024 Cms | 1 1024 Cms | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1. | ||||
CVE-2007-6582 | 1 C97net | 1 Mblog | 2024-08-07 | N/A |
Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action. | ||||
CVE-2007-6620 | 1 Joovili | 1 Joovili | 2024-08-07 | N/A |
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. | ||||
CVE-2007-6567 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2024-08-07 | N/A |
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action. |