Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3192 | 1 Sclek | 1 Jsite | 2017-09-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2008-3194 | 1 Pluck | 1 Pluck | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter. | |||||
| CVE-2008-3195 | 1 Twiki | 1 Twiki | 2017-09-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors. | |||||
| CVE-2008-3205 | 1 Easy-script | 1 Wysi Wiki Wyg | 2017-09-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Easy-Script Wysi Wiki Wyg 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. | |||||
| CVE-2008-3371 | 1 Talkback | 1 Talkback | 2017-09-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
| CVE-2008-3385 | 1 Linuxwebshop | 1 Php Help Agent | 2017-09-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-3415 | 1 Cmscout | 1 Cmscout | 2017-09-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences. | |||||
| CVE-2008-3405 | 1 Nazgulled | 1 Nzfotolog | 2017-09-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter. | |||||
| CVE-2008-3446 | 1 Letterit | 1 Letterit | 2017-09-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2008-3486 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2017-09-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. | |||||
| CVE-2008-3555 | 1 Wsn | 4 Forum, Gallery, Knowledge Base and 1 more | 2017-09-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. | |||||
| CVE-2008-3564 | 1 Dayfox Designs | 1 Dayfox Blog | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-3589 | 1 Mozilo | 1 Mozilocms | 2017-09-28 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. | |||||
| CVE-2008-3593 | 1 Syzygycms | 1 Syzygycms | 2017-09-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-3675 | 1 Gelatocms | 1 Gelatocms | 2017-09-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3708 | 1 Dotcms | 1 Dotcms | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot. | |||||
| CVE-2007-6582 | 1 C97net | 1 Mblog | 2017-09-28 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action. | |||||
| CVE-2007-6581 | 1 Social Engine | 1 Social Engine | 2017-09-28 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/. | |||||
| CVE-2007-6584 | 1 1024 Cms | 1 1024 Cms | 2017-09-28 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1. | |||||
| CVE-2007-6604 | 1 Xcms | 1 Xcms | 2017-09-28 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/. | |||||