Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2006 | 1 Letodms | 1 Letodms | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2010-2104 | 1 Orbitdownloader | 1 Orbit Downloader | 2018-10-10 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element. | |||||
| CVE-2010-2122 | 2 Joelrowley, Joomla | 2 Com Simpledownload, Joomla\! | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1462 | 1 Webasyst Llc | 1 Shop-script | 2018-10-10 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter. | |||||
| CVE-2010-1512 | 1 Tatsuhiro Tsujikawa | 1 Aria2 | 2018-10-10 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | |||||
| CVE-2010-0989 | 1 Pulsecms | 1 Pulse Cms | 2018-10-10 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter. | |||||
| CVE-2010-0999 | 1 Freedownloadmanager | 1 Free Download Manager | 2018-10-10 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | |||||
| CVE-2010-1000 | 1 Kde | 1 Kde Sc | 2018-10-10 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | |||||
| CVE-2010-1003 | 1 Efrontlearning | 1 Efront | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter. | |||||
| CVE-2010-0620 | 1 Emc | 1 Homebase Server | 2018-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter. | |||||
| CVE-2010-0403 | 1 Phpgroupware | 1 Phpgroupware | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter. | |||||
| CVE-2010-0154 | 1 Ibm | 2 Proventia Network Mail Security System Virtual Appliance, Proventia Network Mail Security System Virtual Appliance Firmware | 2018-10-10 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability." | |||||
| CVE-2009-4421 | 1 Alexander Palmo | 1 Simple Php Blog | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter. | |||||
| CVE-2009-4886 | 1 Bernhard Frohlich | 1 Phpcom | 2018-10-10 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to module/admin/files/show_file.php and the (2) path parameter to module/admin/files/show_source.php. | |||||
| CVE-2009-5087 | 1 Geovision | 1 Digital Surveillance System | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request. | |||||
| CVE-2009-4116 | 1 Cutephp | 1 Cutenews | 2018-10-10 | 3.5 LOW | N/A |
| Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files. | |||||
| CVE-2009-4261 | 1 Roman Marxer | 1 Ganeti | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." | |||||
| CVE-2009-3664 | 1 Nullam | 1 Nullam Blog | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. (dot dot) in the (1) p and (2) s parameters. | |||||
| CVE-2009-3583 | 1 Sql-ledger | 1 Sql-ledger | 2018-10-10 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field. | |||||
| CVE-2009-3702 | 1 Php-calendar | 1 Php-calendar | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||