Critical
CVE-2008-4281
Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain pri…
Tag: Path Traversal
All CVEs associated with "Path Traversal". Page 59/72 • 8591 CVEs.
Subscribe CVEs: RSS for “Path Traversal” · RSS (High+Critical only)
About “Path Traversal”
A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8591 CVEs for this tag (all time). In the last 365 days, 1471 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2008-11-10
2008-11-04
Medium
CVE-2008-4894
Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows re…
Medium
CVE-2008-4913
Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
2008-11-01
Medium
CVE-2008-4875
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (d…
2008-10-30
Medium
CVE-2008-4797
Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.
2008-10-29
High
CVE-2008-4781
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
Medium
CVE-2008-4780
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal se…
2008-10-28
Medium
CVE-2008-4773
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
Critical
CVE-2008-4769
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbit…
Medium
CVE-2008-4764
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a…
Medium
CVE-2008-4759
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.
Medium
CVE-2008-4758
Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.
2008-10-27
Medium
CVE-2008-4741
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
Medium
CVE-2008-4740
Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include a…
2008-10-24
Medium
CVE-2008-4739
Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi…
2008-10-23
High
CVE-2008-4718
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_f…
Medium
CVE-2008-4712
Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (…
Medium
CVE-2008-4707
Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a .. (dot dot) in the lien_2 parameter.
2008-10-22
High
CVE-2008-4702
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[templ…
Critical
CVE-2008-4668
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fo…
High
CVE-2008-4667
Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter.
Medium
CVE-2008-4662
Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang…
2008-10-21
Medium
CVE-2008-4632
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot…
Medium
CVE-2008-4626
Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is…
2008-10-18
Medium
CVE-2008-4602
Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter.
2008-10-16
Critical
CVE-2008-4592
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
2008-10-14
Critical
CVE-2008-4397
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary comma…
2008-10-09
High
CVE-2008-4528
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the i…
Critical
CVE-2008-4526
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php,…
High
CVE-2008-4522
Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src para…
High
CVE-2008-4519
Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.p…
Critical
CVE-2008-4501
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backs…
Critical
CVE-2008-4499
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to…
2008-10-08
Medium
CVE-2008-4490
Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (d…
Critical
CVE-2008-4489
Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parame…
Critical
CVE-2008-4486
Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mo…
Medium
CVE-2008-4483
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot…
2008-10-07
Critical
CVE-2008-4471
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, a…
High
CVE-2008-4421
Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.
2008-10-06
Medium
CVE-2008-4455
Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a…
Medium
CVE-2008-4454
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: th…
2008-10-03
High
CVE-2008-4437
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with…
High
CVE-2008-4425
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file…
Medium
CVE-2008-2439
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds befo…
2008-09-30
High
CVE-2008-4361
Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI.
Critical
CVE-2008-4358
Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name.
High
CVE-2008-4351
Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the p parameter.
High
CVE-2008-4346
Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a di…
High
CVE-2008-4331
Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act p…
High
CVE-2008-4330
Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter.
2008-09-25
High
CVE-2008-4243
Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot…
2008-09-24
High
CVE-2008-4068
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imp…
Medium
CVE-2008-4067
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary…
Medium
CVE-2008-4151
Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter.
2008-09-23
Medium
CVE-2008-4187
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
Medium
CVE-2008-4181
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated…
2008-09-22
Medium
CVE-2008-4158
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc para…
2008-09-19
High
CVE-2008-4155
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www…
2008-09-18
Medium
CVE-2008-4129
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read ar…
Medium
CVE-2008-3195
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string…
2008-09-15
Medium
CVE-2008-4075
Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
2008-09-11
High
CVE-2008-4040
Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
2008-09-05
High
CVE-2008-3939
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
2008-09-04
Medium
CVE-2008-3926
Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action…
2008-08-27
Medium
CVE-2008-3851
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) c…
2008-08-25
Medium
CVE-2008-3776
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
2008-08-22
Medium
CVE-2008-3770
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang…
2008-08-20
Medium
CVE-2008-3723
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full…
Medium
CVE-2008-3727
Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
2008-08-19
Medium
CVE-2008-3708
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macr…
Medium
CVE-2008-3710
Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path par…
2008-08-14
Medium
CVE-2008-3675
Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter.…
Medium
CVE-2008-3677
Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.
2008-08-13
Medium
CVE-2008-2938
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbit…
2008-08-12
Medium
CVE-2008-3600
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files…
2008-08-11
Medium
CVE-2008-3589
Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
High
CVE-2008-3593
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
2008-08-10
Medium
CVE-2008-3562
Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a…
High
CVE-2008-3564
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archiv…
High
CVE-2008-3568
Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local fil…
2008-08-08
Medium
CVE-2008-3555
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and po…
2008-08-06
High
CVE-2008-3486
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attacker…
2008-08-04
Medium
CVE-2008-3446
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Medium
CVE-2008-2370
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which…
2008-07-31
High
CVE-2008-3415
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequence…
Medium
CVE-2008-3390
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local…
Medium
CVE-2008-3405
Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_f…
2008-07-30
High
CVE-2008-3384
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (d…
Medium
CVE-2008-3385
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conten…
Medium
CVE-2008-3365
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot)…
High
CVE-2008-3371
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversa…
High
CVE-2008-3363
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash…
2008-07-27
High
CVE-2008-3333
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (a…
2008-07-25
Medium
CVE-2008-3312
Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (d…
High
CVE-2008-3296
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: th…
2008-07-24
Medium
CVE-2008-3293
Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.
2008-07-17
Medium
CVE-2008-3205
Directory traversal vulnerability in index.php in Easy-Script Wysi Wiki Wyg 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
2008-07-16
Medium
CVE-2008-3190
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Medium
CVE-2008-3192
Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
Medium
CVE-2008-3194
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (…
2008-07-15
High
CVE-2008-3179
Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in…
2008-07-14
Medium
CVE-2008-3163
Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NO…
High
CVE-2008-3164
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in th…
Medium
CVE-2008-3165
Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (do…
2008-07-11
Critical
CVE-2008-3150
Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_…
2008-07-10
Medium
CVE-2008-3128
Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
2008-07-09
Critical
CVE-2008-3112
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arb…
Medium
CVE-2008-3087
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
2008-07-08
High
CVE-2008-3071
Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.
2008-07-07
High
CVE-2008-3031
Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
High
CVE-2008-3036
Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template…
2008-07-03
High
CVE-2008-2993
Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) fog_lang and (2) fog_ski…
2008-07-02
Medium
CVE-2008-2961
Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter.
High
CVE-2008-2966
Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information.
Medium
CVE-2008-2969
Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile p…
Medium
CVE-2008-2974
Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequ…
Medium
CVE-2008-2976
Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences i…
Medium
CVE-2008-2978
Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal s…
Medium
CVE-2008-2982
Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal s…
Medium
CVE-2008-2985
Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via direct…