Search Results (9564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4843 1 X-diesel 1 Unreal Commander 2026-04-23 N/A
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2008-5175 1 Visicommedia 1 Aceftp 2026-04-23 N/A
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2008-2495 1 Pancake 1 Zina 2026-04-23 N/A
Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to have an unknown impact via a .. (dot dot) in the p parameter.
CVE-2008-4781 1 Easy-script 1 Myktools 2026-04-23 N/A
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
CVE-2008-4773 1 Questwork 1 Questcms 2026-04-23 N/A
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
CVE-2008-4769 1 Wordpress 1 Wordpress 2026-04-23 N/A
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-4718 1 X7 Group 1 X7 Chat 2026-04-23 N/A
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
CVE-2008-4632 1 Kure 1 Kure 2026-04-23 N/A
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters.
CVE-2007-6584 1 1024 Cms 1 1024 Cms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.
CVE-2009-1912 1 Webspell 1 Webspell 2026-04-23 N/A
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.
CVE-2008-2985 1 Cmreams 1 Cmreams Cms 2026-04-23 N/A
Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter.
CVE-2008-2978 1 Ourvideocms 1 Ourvideo Cms 2026-04-23 N/A
Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter.
CVE-2008-2666 1 Php 1 Php 2026-04-23 N/A
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.
CVE-2008-2650 1 Cmsimple 1 Cmsimple 2026-04-23 N/A
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
CVE-2008-2091 1 Kubelabs 1 Kubelance 2026-04-23 N/A
Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter.
CVE-2008-2116 1 Scriptsez 1 Power Editor 2026-04-23 N/A
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.
CVE-2007-5306 1 Yannick Tanguy 1 Else If Cms 2026-04-23 N/A
ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.
CVE-2009-1502 1 Matteoiammarrone 1 S-cms 2026-04-23 N/A
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
CVE-2008-1933 1 Microsoft 1 Zune Software 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run.
CVE-2008-1565 2 Hotscripts, Phpbb 2 Pjirc, Pjirc Module 2026-04-23 N/A
Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.