| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component. |
| Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter. |
| Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php. |
| Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter. |
| Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. |
| Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter. |
| Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. |
| Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. |
| Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. |
| Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. |
| Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. |
| Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file. |
| Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. |
| index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information. |
| Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. |
| Directory traversal vulnerability in index.php in the Dance Music module for phpNuke, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an ACCEPT_FILE array parameter to modules.php. |
| Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter. |
| Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter. |
| Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. |