High
CVE-2009-2258
Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot…
Tag: Path Traversal
All CVEs associated with "Path Traversal". Page 57/72 • 8591 CVEs.
Subscribe CVEs: RSS for “Path Traversal” · RSS (High+Critical only)
About “Path Traversal”
A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8591 CVEs for this tag (all time). In the last 365 days, 1471 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2009-06-30
2009-06-26
Medium
CVE-2009-2229
Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a differe…
Medium
CVE-2009-2224
Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang par…
Critical
CVE-2009-2223
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote f…
Medium
CVE-2009-2222
Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail.
Medium
CVE-2009-2220
Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary…
2009-06-23
Medium
CVE-2009-2184
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter.
High
CVE-2009-2183
Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDi…
Medium
CVE-2009-2180
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the fi…
Medium
CVE-2009-2177
code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (…
High
CVE-2009-2176
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory…
2009-06-22
Medium
CVE-2009-2166
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
Critical
CVE-2008-6834
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/co…
Critical
CVE-2008-6833
Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for…
Medium
CVE-2009-2161
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary loca…
Medium
CVE-2009-2151
Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.
2009-06-19
Medium
CVE-2009-2132
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversa…
High
CVE-2009-2124
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
2009-06-18
Medium
CVE-2009-2116
Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter.
High
CVE-2009-2112
Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[setting…
High
CVE-2009-2110
Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u pa…
Medium
CVE-2009-2109
Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) f…
2009-06-17
Medium
CVE-2009-2101
Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. (dot dot) in the deleteTorrent param…
Medium
CVE-2009-2100
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in t…
Medium
CVE-2009-2095
PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code…
2009-06-16
Medium
CVE-2008-5515
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDi…
Medium
CVE-2009-2081
Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the module pa…
2009-06-12
Medium
CVE-2009-2037
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbit…
2009-06-11
Medium
CVE-2009-1760
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers t…
2009-06-09
High
CVE-2009-2015
Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the fi…
2009-06-08
Medium
CVE-2009-2007
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in…
2009-06-05
Medium
CVE-2009-1948
Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read…
Medium
CVE-2008-6825
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parame…
Critical
CVE-2009-1936
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct…
2009-06-04
Medium
CVE-2009-1912
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language co…
Medium
CVE-2009-1911
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to inc…
2009-06-01
High
CVE-2009-1847
Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fiche parameter.
High
CVE-2009-1846
Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter…
2009-05-22
Critical
CVE-2009-1774
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/…
High
CVE-2009-1770
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang…
Medium
CVE-2009-1768
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Medium
CVE-2009-1765
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref p…
High
CVE-2009-1748
Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form paramet…
2009-05-21
Critical
CVE-2009-1161
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresen…
Critical
CVE-2009-1743
Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitra…
2009-05-20
High
CVE-2009-1737
Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter.
Critical
CVE-2009-1730
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (…
2009-05-18
High
CVE-2009-1678
Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot)…
2009-05-16
High
CVE-2009-1653
Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter.
High
CVE-2009-1649
Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter.
2009-05-12
Medium
CVE-2009-1625
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter.
Medium
CVE-2009-1624
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter.
Medium
CVE-2009-1621
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.
2009-05-06
High
CVE-2009-1559
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files vi…
High
CVE-2009-1558
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (enc…
2009-05-05
Medium
CVE-2009-1523
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal se…
2009-05-04
Medium
CVE-2009-1519
Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.
2009-05-01
High
CVE-2009-1510
Multiple directory traversal vulnerabilities in KoschtIT Image Gallery 1.82 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the file parameter…
Medium
CVE-2008-6786
Multiple directory traversal vulnerabilities in geekigeeki.py in GeekiGeeki before 3.0 allow remote attackers to read arbitrary files via directory traversal sequences in a pagename argument in the (…
High
CVE-2009-1502
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parame…
Medium
CVE-2009-1498
Directory traversal vulnerability in inc/profilemain.php in Game Maker 2k Internet Discussion Boards (iDB) 0.2.5 Pre-Alpha SVN 243 allows remote attackers to include and execute arbitrary local files…
Medium
CVE-2009-1496
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit paramete…
2009-04-29
Medium
CVE-2009-1488
Directory traversal vulnerability in admin/load.php in FunGamez RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php.
High
CVE-2009-1486
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter.
2009-04-28
Medium
CVE-2009-1456
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
2009-04-27
High
CVE-2009-1445
Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs…
2009-04-24
Medium
CVE-2009-1407
Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a certain languages[][file] parameter.
Medium
CVE-2009-1406
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
Medium
CVE-2009-1405
Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the se…
2009-04-22
High
CVE-2009-1368
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2…
2009-04-21
Medium
CVE-2008-6735
Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.
Critical
CVE-2008-6734
Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
Medium
CVE-2009-1354
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
2009-04-17
Critical
CVE-2008-5518
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary d…
High
CVE-2009-1319
Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php.
Medium
CVE-2009-1318
Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory…
Medium
CVE-2008-6726
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit param…
2009-04-08
Medium
CVE-2008-6668
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename p…
2009-04-07
Medium
CVE-2008-6659
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution…
Medium
CVE-2008-6658
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary dire…
High
CVE-2008-6630
Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vecto…
2009-04-06
High
CVE-2009-1246
Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) row_mysql_blocks_center_down[file] param…
Medium
CVE-2008-6610
Absolute path traversal vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2.0 allows remote attackers to list arbitrary directories and read arbitrary files via a full pathname in the file param…
2009-04-04
Critical
CVE-2008-6604
Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulne…
2009-04-03
High
CVE-2008-6592
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal…
Medium
CVE-2008-6590
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot)…
2009-04-02
Medium
CVE-2009-1222
Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arb…
2009-03-31
Critical
CVE-2009-0841
Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files v…
2009-03-30
Medium
CVE-2008-6551
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot do…
2009-03-26
Medium
CVE-2009-1148
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequen…
2009-03-25
Medium
CVE-2009-1090
Directory traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uploaded…
Medium
CVE-2009-1089
Absolute path traversal vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to read arbitrary files via a base64-encoded absolute path in the filename parameter.
Medium
CVE-2008-6522
Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to lis…
High
CVE-2008-6516
Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_aya…
2009-03-23
High
CVE-2008-6508
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a ..…
Medium
CVE-2008-6505
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI…
2009-03-20
Medium
CVE-2008-6502
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause…
High
CVE-2009-1031
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot)…
2009-03-17
Medium
CVE-2009-0932
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files vi…
Medium
CVE-2009-0929
Directory traversal vulnerability in the media manager in Nucleus CMS before 3.40 allows remote attackers to read arbitrary files via unknown vectors.
2009-03-13
Medium
CVE-2008-6453
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
2009-03-12
Medium
CVE-2009-0886
Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter.
Medium
CVE-2009-0880
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) i…
2009-03-10
High
CVE-2009-0865
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite…
2009-03-06
High
CVE-2008-6424
Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot).
Medium
CVE-2008-6423
Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter.
High
CVE-2008-6410
Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
High
CVE-2008-6407
Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.
High
CVE-2009-0766
Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NO…
High
CVE-2009-0765
Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.
2009-03-03
Medium
CVE-2009-0753
Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
2009-03-02
Medium
CVE-2008-6361
Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parame…
2009-02-27
Medium
CVE-2008-6336
Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal s…
High
CVE-2008-6335
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
High
CVE-2008-6334
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Medium
CVE-2008-6317
Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[l…
Medium
CVE-2008-6316
Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang param…
Medium
CVE-2008-6313
Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the edi…
Medium
CVE-2008-6308
Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pun_…
2009-02-26
Critical
CVE-2009-0615
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read…