Total
8725 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3898 | 2 F5, Nginx | 2 Nginx, Nginx | 2025-04-09 | N/A |
| Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. | ||||
| CVE-2009-1161 | 1 Cisco | 10 Ciscoworks Common Services, Ciscoworks Health And Utilization Monitor, Ciscoworks Lan Management Solution and 7 more | 2025-04-09 | N/A |
| Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors. | ||||
| CVE-2009-2792 | 1 Joshua Oliver | 1 Really Simple Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter. | ||||
| CVE-2009-1847 | 1 Easypx41 | 1 Easy Px 41 Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fiche parameter. | ||||
| CVE-2009-1873 | 1 Adobe | 1 Jrun | 2025-04-09 | N/A |
| Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter. | ||||
| CVE-2009-2047 | 1 Cisco | 6 Crs, Customer Response Applications, Ip Qm and 3 more | 2025-04-09 | N/A |
| Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors. | ||||
| CVE-2009-2177 | 1 Fuzzylime | 1 Fuzzylime Cms | 2025-04-09 | N/A |
| code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value. | ||||
| CVE-2009-2183 | 1 Campware.org | 1 Campsite | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter. | ||||
| CVE-2009-2224 | 1 An Guestbook | 1 An Guestbook | 2025-04-09 | N/A |
| Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter. | ||||
| CVE-2009-2397 | 1 Audioarticledirectory | 1 Audio Article Directory | 2025-04-09 | N/A |
| Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | ||||
| CVE-2009-2658 | 1 Znc | 1 Znc | 2025-04-09 | N/A |
| Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request. | ||||
| CVE-2009-2787 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2025-04-09 | N/A |
| Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | ||||
| CVE-2009-3318 | 2 Breedveld, Joomla | 2 Com Album, Joomla | 2025-04-09 | N/A |
| Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. | ||||
| CVE-2007-5927 | 1 Openbase International Ltd | 1 Openbase | 2025-04-09 | 8.1 High |
| Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926. | ||||
| CVE-2009-4426 | 1 Launchpad | 1 Ignition | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php. | ||||
| CVE-2007-5465 | 1 Mydoop | 1 Doop Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component. | ||||
| CVE-2008-1117 | 1 Netopia | 1 Timbuktu Pro | 2025-04-09 | N/A |
| Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220. | ||||
| CVE-2006-5487 | 1 Marshal | 1 Mailmarshal Smtp | 2025-04-09 | N/A |
| Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive. | ||||
| CVE-2006-5031 | 1 Cakephp | 1 Cakephp | 2025-04-09 | N/A |
| Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. | ||||
| CVE-2008-1284 | 1 Horde | 3 Groupware, Groupware Webmail Edition, Horde | 2025-04-09 | N/A |
| Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. | ||||