Total: 5025 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2611 | 1 Gander | 1 Myfusion | 2017-09-18 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter. | |||||
CVE-2009-2784 | 1 Ditcms | 1 Dit.cms | 2017-09-18 | 9.3 HIGH | N/A |
Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors. | |||||
CVE-2009-2787 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2017-09-18 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | |||||
CVE-2009-2792 | 1 Joshua Oliver | 1 Really Simple Cms | 2017-09-18 | 7.5 HIGH | N/A |
Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter. | |||||
CVE-2009-2925 | 1 Djcalendar | 1 Djcalendar | 2017-09-18 | 7.8 HIGH | N/A |
Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter. | |||||
CVE-2009-2922 | 1 Pixaria | 1 Pixaria Gallery | 2017-09-18 | 7.8 HIGH | N/A |
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter. | |||||
CVE-2009-2923 | 1 Bitmixsoft | 1 Php-lance | 2017-09-18 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php. | |||||
CVE-2009-3053 | 2 Joomla, Jvitals | 2 Joomla, Com Agora | 2017-09-18 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. | |||||
CVE-2009-3064 | 1 Rein Velt | 1 Vedit | 2017-09-18 | 7.5 HIGH | N/A |
Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT 0.1.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _GET[filename] parameter. | |||||
CVE-2009-3151 | 1 Ultrize | 1 Timesheet | 2017-09-18 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. | |||||
CVE-2009-3149 | 1 Curveriderhq | 1 Elgg | 2017-09-18 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3167 | 1 Anantasoft | 1 Gazelle Cms | 2017-09-18 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
CVE-2009-3181 | 1 Anantasoft | 1 Gazelle Cms | 2017-09-18 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the customizetemplate parameter in a direct request to admin/settemplate.php. | |||||
CVE-2009-3216 | 1 Wiccle | 1 Iwiccle | 2017-09-18 | 4.3 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php. | |||||
CVE-2009-3219 | 1 The-ghost | 1 Ar Web Content Manager | 2017-09-18 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter. | |||||
CVE-2009-3249 | 1 Vtiger | 1 Vtiger Crm | 2017-09-18 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files. | |||||
CVE-2009-3318 | 2 Breedveld, Joomla | 2 Com Album, Joomla | 2017-09-18 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. | |||||
CVE-2009-3366 | 1 Plohni | 1 An Image Gallery | 2017-09-18 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter. | |||||
CVE-2009-3425 | 1 Databay | 1 Maxcms | 2017-09-18 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter. | |||||
CVE-2009-3507 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2017-09-18 | 7.5 HIGH | N/A |
Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter. |