Total
6472 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-4008 | 1 Entertainment Cms | 1 Entertainment Cms | 2024-08-07 | N/A |
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter. | ||||
CVE-2007-3936 | 1 A-shop | 1 A-shop | 2024-08-07 | N/A |
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter. | ||||
CVE-2007-3874 | 1 Altiris | 1 Deployment Solution | 2024-08-07 | N/A |
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2007-3846 | 2 Subversion, Tortoisesvn | 2 Subversion, Tortoisesvn | 2024-08-07 | N/A |
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository. | ||||
CVE-2007-3487 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2024-08-07 | N/A |
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method. | ||||
CVE-2007-3504 | 2 Microsoft, Sun | 4 Windows, Jdk, Jre and 1 more | 2024-08-07 | N/A |
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. | ||||
CVE-2007-3072 | 1 Mozilla | 1 Firefox | 2024-08-07 | N/A |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI. | ||||
CVE-2007-2836 | 1 Hiki | 1 Hiki | 2024-08-07 | N/A |
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout. | ||||
CVE-2007-1860 | 2 Apache, Redhat | 4 Tomcat Jk Web Server Connector, Network Satellite, Rhel Application Server and 1 more | 2024-08-07 | N/A |
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450. | ||||
CVE-2007-1773 | 1 Unverse.net | 1 Abitwhizzy | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384. | ||||
CVE-2007-1149 | 1 Lovecms | 1 Lovecms | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI. | ||||
CVE-2007-1143 | 1 Jeunes-webmasters | 1 J-web Pics Navigator | 2024-08-07 | N/A |
Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | ||||
CVE-2007-1152 | 1 Pyrophobia | 1 Pyrophobia | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2007-1140 | 1 Barekoncept | 1 Pheap | 2024-08-07 | N/A |
Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter. | ||||
CVE-2007-1126 | 1 Xt-commerce | 1 Xt-commerce | 2024-08-07 | N/A |
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | ||||
CVE-2007-1076 | 1 Phptraffica | 1 Phptraffica | 2024-08-07 | N/A |
Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php. | ||||
CVE-2007-1042 | 1 Xpression News | 1 Xpression News | 2024-08-07 | N/A |
Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2007-1144 | 1 Comscripts | 1 J-web Pics Navigator | 2024-08-07 | N/A |
Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | ||||
CVE-2007-1138 | 1 Cromosoft | 1 Simple Plantilla Php | 2024-08-07 | N/A |
Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter. | ||||
CVE-2007-1031 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2024-08-07 | N/A |
Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter. |