Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1364 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2018-10-19 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. | |||||
| CVE-2003-1545 | 2 Nukestyles, Phpnuke | 2 Viewpage, Nukestyles Viewpage Module | 2018-10-19 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. | |||||
| CVE-2018-15495 | 1 Tecrail | 1 Responsive Filemanager | 2018-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. | |||||
| CVE-2006-2516 | 1 Xoops | 1 Xoops | 2018-10-18 | 5.1 MEDIUM | N/A |
| mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | |||||
| CVE-2006-2337 | 1 D-link | 1 Dsl-g604t | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | |||||
| CVE-2006-0976 | 1 Spid | 1 Spid | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter. | |||||
| CVE-2006-0950 | 1 Unalz | 1 Unalz | 2018-10-18 | 2.6 LOW | N/A |
| unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename. | |||||
| CVE-2006-0931 | 1 Pear | 1 Pear Archive Tar | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. | |||||
| CVE-2006-0795 | 1 Thomastsoi | 1 Quirex | 2018-10-18 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables. | |||||
| CVE-2006-6047 | 1 Etomite | 1 Etomite | 2018-10-17 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | |||||
| CVE-2006-5897 | 1 Phpheaven | 1 Phpmychat Plus | 2018-10-17 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6) lib/connected_users.lib.php, (7) lib/index.lib.php, and (8) phpMyChat.php3; and the (9) L parameter to logs.php. NOTE: CVE analysis suggests that vector 1 might be incorrect. | |||||
| CVE-2006-5487 | 1 Marshal | 1 Mailmarshal Smtp | 2018-10-17 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive. | |||||
| CVE-2006-5149 | 1 Openbiblio | 1 Openbiblio | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php. | |||||
| CVE-2006-3934 | 1 Alkacon | 1 Opencms | 2018-10-17 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. | |||||
| CVE-2018-15535 | 1 Tecrail | 1 Responsive Filemanager | 2018-10-17 | 5.0 MEDIUM | 7.5 HIGH |
| /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. | |||||
| CVE-2007-3487 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2018-10-16 | 6.4 MEDIUM | N/A |
| Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method. | |||||
| CVE-2007-3072 | 1 Mozilla | 1 Firefox | 2018-10-16 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI. | |||||
| CVE-2007-1149 | 1 Lovecms | 1 Lovecms | 2018-10-16 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI. | |||||
| CVE-2007-1144 | 1 Comscripts | 1 J-web Pics Navigator | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2007-1143 | 1 Jeunes-webmasters | 1 J-web Pics Navigator | 2018-10-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | |||||