Search Results (9682 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6926 2 Cpanel, Netenberg 2 Cpanel, Fantastico De Luxe 2026-04-23 N/A
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
CVE-2008-0488 1 Vb Marketing 1 Vb Marketing 2026-04-23 N/A
Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.
CVE-2008-0393 1 Gradman 1 Gradman 2026-04-23 N/A
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.
CVE-2009-0371 1 Sitexs Cms 1 Sitexs Cms 2026-04-23 N/A
Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
CVE-2009-0423 1 Kevin Walker 1 Php Photo Album 2026-04-23 N/A
Directory traversal vulnerability in index.php in Php Photo Album (PHPPA) 0.8 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the preview parameter.
CVE-2008-6453 1 6rbscript 1 6rbscript 2026-04-23 N/A
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
CVE-2008-0465 1 Seagullproject.org 1 Seagull 2026-04-23 N/A
Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
CVE-2009-1912 1 Webspell 1 Webspell 2026-04-23 N/A
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.
CVE-2008-1798 1 Dragoon 1 Dragoon 2026-04-23 N/A
Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.
CVE-2009-3825 1 Thomas Graber 1 Gencms 2026-04-23 N/A
Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php.
CVE-2008-5515 2 Apache, Redhat 8 Tomcat, Certificate System, Enterprise Linux and 5 more 2026-04-23 N/A
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
CVE-2008-6834 1 Fuzzylime 1 Fuzzylime \(cms\) 2026-04-23 N/A
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164.
CVE-2009-4435 1 Compmaster.prv.pl 1 F3site 2026-04-23 N/A
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php.
CVE-2009-2909 1 Linux 1 Linux Kernel 2026-04-23 N/A
Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation.
CVE-2007-6323 1 Mms Gallery 1 Mms Gallery Php 2026-04-23 N/A
Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.
CVE-2008-0840 1 Publicwarehouse 1 Lightblog 2026-04-23 N/A
Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter.
CVE-2008-1645 1 Guillaume Meister 1 Php Spammanager 2026-04-23 N/A
Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
CVE-2008-0923 1 Vmware 5 Ace, Player, Vmware Player and 2 more 2026-04-23 N/A
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
CVE-2008-0905 1 Meo 1 Globsy 2026-04-23 N/A
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-6423 1 I-apps 1 Passwiki 2026-04-23 N/A
Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter.