CVE Daily
← All tags

Tag: Path Traversal

All CVEs associated with "Path Traversal". Page 63/72 • 8591 CVEs.

Subscribe CVEs: RSS for “Path Traversal”  ·  RSS (High+Critical only)

About “Path Traversal”

A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8591 CVEs for this tag (all time). In the last 365 days, 1471 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-07-15
Medium

CVE-2007-3785

Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pat…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2006-4169

Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2007-3772

Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter.

CVSS: 6.4 CWE: N/A View on NVD
2007-07-11
Medium

CVE-2007-3702

Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the arch…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-3707

Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c par…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-3714

Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter to the default URI. NOTE: the proven…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2007-3692

Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter.

CVSS: 7.8 CWE: N/A View on NVD
2007-07-10
Medium

CVE-2007-3649

Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-3633

Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathnam…

CVSS: 6.4 CWE: N/A View on NVD
2007-07-09
Medium

CVE-2007-3619

Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-3620

Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters t…

CVSS: 5.0 CWE: N/A View on NVD
2007-07-03
Medium

CVE-2007-3535

Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE par…

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2007-3547

Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2007-3523

Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parame…

CVSS: 6.4 CWE: N/A View on NVD
2007-07-02
Medium

CVE-2007-2836

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched aga…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2007-3505

Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_ch…

CVSS: 6.4 CWE: N/A View on NVD
2007-06-30
Critical

CVE-2007-3504

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-06-29
Medium

CVE-2007-3487

Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argum…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-06-27
Medium

CVE-2007-3425

Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CV…

CVSS: 5.0 CWE: N/A View on NVD
2007-06-26
Medium

CVE-2007-3406

Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute o…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-3404

Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.

CVSS: 5.0 CWE: N/A View on NVD
2007-06-22
High

CVE-2007-3346

Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter.

CVSS: 7.8 CWE: N/A View on NVD
2007-06-21
Medium

CVE-2007-3332

Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2007-3312

Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parame…

CVSS: 9.0 CWE: N/A View on NVD
Medium

CVE-2007-3326

Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php a…

CVSS: 5.8 CWE: N/A View on NVD
2007-06-20
Medium

CVE-2007-3295

Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile…

CVSS: 6.5 CWE: N/A View on NVD
2007-06-19
High

CVE-2007-3272

Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action.

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2007-3266

Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the outconfig parameter.

CVSS: 9.0 CWE: N/A View on NVD
2007-06-18
High

CVE-2007-3251

Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to adm…

CVSS: 7.8 CWE: N/A View on NVD
2007-06-11
Medium

CVE-2007-3172

Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in t…

CVSS: 5.0 CWE: N/A View on NVD
2007-06-08
High

CVE-2007-3138

Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cook…

CVSS: 7.5 CWE: N/A View on NVD
2007-06-06
Medium

CVE-2007-3096

Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-3072

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.

CVSS: 7.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2007-3073

Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2007-3075

Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2007-3082

Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter.

CVSS: 7.8 CWE: N/A View on NVD
2007-05-31
High

CVE-2007-2960

Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-2934

Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.

CVSS: 7.8 CWE: N/A View on NVD
2007-05-25
Medium

CVE-2007-1860

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protec…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-05-22
Medium

CVE-2007-2519

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attri…

CVSS: 6.8 CWE: N/A View on NVD
2007-05-21
High

CVE-2007-2778

Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP script…

CVSS: 7.8 CWE: N/A View on NVD
2007-05-17
Medium

CVE-2007-2747

Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.

CVSS: 5.0 CWE: N/A View on NVD
2007-05-16
Medium

CVE-2007-2440

Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containin…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2007-2705

Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote a…

CVSS: 7.8 CWE: N/A View on NVD
2007-05-15
High

CVE-2007-2681

Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.

CVSS: 7.5 CWE: N/A View on NVD
2007-05-14
Medium

CVE-2007-2659

Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the d…

CVSS: 5.0 CWE: N/A View on NVD
2007-05-13
Critical

CVE-2007-2633

Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-2639

Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2007-2642

Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2007-2643

Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.

CVSS: 5.0 CWE: N/A View on NVD
2007-05-09
Medium

CVE-2007-2574

Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-2560

Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-0609

Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (…

CVSS: 5.1 CWE: N/A View on NVD
2007-05-04
Critical

CVE-2007-2503

Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] paramet…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2007-2507

Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter.

CVSS: 7.8 CWE: N/A View on NVD
2007-05-03
Medium

CVE-2007-2482

Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitr…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-2483

Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbi…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-2486

Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter.

CVSS: 5.0 CWE: N/A View on NVD
2007-05-02
Medium

CVE-2007-2471

Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-1744

Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2007-2425

Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2007-2430

shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUser…

CVSS: 7.8 CWE: N/A View on NVD
2007-05-01
High

CVE-2007-2412

Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has…

CVSS: 7.8 CWE: N/A View on NVD
2007-04-30
Medium

CVE-2007-2369

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

CVSS: 5.0 CWE: N/A View on NVD
2007-04-27
High

CVE-2007-2324

Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

CVSS: 7.8 CWE: N/A View on NVD
2007-04-26
Medium

CVE-2007-2303

Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the templat…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-2304

Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-2285

Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. N…

CVSS: 7.8 CWE: N/A View on NVD
2007-04-25
Medium

CVE-2007-2268

Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) lo…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-2269

Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2007-2271

Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter.

CVSS: 9.4 CWE: N/A View on NVD
Medium

CVE-2007-2252

Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-2231

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) v…

CVSS: 4.3 CWE: N/A View on NVD
2007-04-24
Critical

CVE-2007-2200

Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2007-2184

Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter.

CVSS: 5.0 CWE: N/A View on NVD
2007-04-19
High

CVE-2007-2155

Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/in…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2007-2157

Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

CVSS: 7.8 CWE: N/A View on NVD
2007-04-18
High

CVE-2007-2104

Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) p…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-2105

Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-2106

Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_them…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-2058

Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-2069

Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] paramet…

CVSS: 7.5 CWE: N/A View on NVD
2007-04-16
Medium

CVE-2007-2048

Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-2050

Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the l…

CVSS: 5.0 CWE: N/A View on NVD
2007-04-12
High

CVE-2007-2008

Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-2012

Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive.

CVSS: 5.8 CWE: N/A View on NVD
2007-04-11
High

CVE-2007-1954

Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .ta…

CVSS: 7.5 CWE: N/A View on NVD
2007-04-10
Medium

CVE-2007-1904

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1906

Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local fi…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-1928

Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1929

Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. (dot dot) in the chemin paramete…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2007-1930

Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2007-1932

Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1933

Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1934

Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] pa…

CVSS: 6.8 CWE: N/A View on NVD
2007-04-09
Medium

CVE-2007-1896

Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[…

CVSS: 5.8 CWE: N/A View on NVD
2007-04-03
Medium

CVE-2007-0242

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) a…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2007-1842

Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1849

Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. (dot dot) in the d_private parameter. NOTE: some of…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1850

Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2007-1851

Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class para…

CVSS: 7.5 CWE: N/A View on NVD
2007-04-02
High

CVE-2007-1801

Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as de…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1799

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a…

CVSS: 6.4 CWE: N/A View on NVD
2007-03-30
Low

CVE-2007-1773

Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whi…

CVSS: 2.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-03-28
High

CVE-2007-1720

Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_n…

CVSS: 7.5 CWE: N/A View on NVD
2007-03-23
High

CVE-2007-1636

Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting P…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1633

Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1613

Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter.

CVSS: 7.5 CWE: N/A View on NVD
2007-03-22
Medium

CVE-2007-1601

Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researche…

CVSS: 5.0 CWE: N/A View on NVD
2007-03-21
Medium

CVE-2007-1577

Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated…

CVSS: 5.0 CWE: N/A View on NVD
2007-03-20
Medium

CVE-2007-1539

Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1540

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2007-1541

Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1524

Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demon…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-1509

Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter.

CVSS: 4.3 CWE: N/A View on NVD
2007-03-16
Medium

CVE-2007-0450

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2007-1477

Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language para…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1487

Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in…

CVSS: 5.0 CWE: N/A View on NVD
2007-03-14
Medium

CVE-2007-1449

Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

CVSS: 4.3 CWE: N/A View on NVD
Critical

CVE-2007-1455

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parame…

CVSS: 9.0 CWE: N/A View on NVD