Total
5771 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0923 | 1 Vmware | 5 Ace, Player, Vmware Player and 2 more | 2023-12-10 | 6.9 MEDIUM | N/A |
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. | |||||
CVE-2007-5463 | 1 Viart | 1 Shop | 2023-12-10 | 5.0 MEDIUM | N/A |
ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root. | |||||
CVE-2007-3487 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2023-12-10 | 6.4 MEDIUM | N/A |
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method. | |||||
CVE-2008-0357 | 1 Galaxyscripts | 1 Mini File Host | 2023-12-10 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
CVE-2007-3874 | 1 Altiris | 1 Deployment Solution | 2023-12-10 | 7.8 HIGH | N/A |
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2007-6086 | 1 Vigilecms | 1 Vigilecms | 2023-12-10 | 9.3 HIGH | N/A |
Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter. | |||||
CVE-2007-4058 | 1 Emc | 1 Vmware | 2023-12-10 | 4.3 MEDIUM | N/A |
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method. | |||||
CVE-2007-5844 | 1 Guppy | 1 Guppy | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter. | |||||
CVE-2007-6554 | 1 George Lewe | 1 Teamcal Pro | 2023-12-10 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php. | |||||
CVE-2007-1143 | 1 Jeunes-webmasters | 1 J-web Pics Navigator | 2023-12-10 | 7.8 HIGH | N/A |
Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
CVE-2007-4895 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter. | |||||
CVE-2007-6184 | 1 Project Alumni | 1 Project Alumni | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter. | |||||
CVE-2006-1746 | 1 Tincan | 1 Phplist | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. | |||||
CVE-2005-2792 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter. | |||||
CVE-2006-0795 | 1 Thomastsoi | 1 Quirex | 2023-12-10 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables. | |||||
CVE-2004-2745 | 1 Anteco Visual Technologies | 1 Ownserver | 2023-12-10 | 7.8 HIGH | N/A |
Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | |||||
CVE-2005-2619 | 2 Autonomy, Ibm | 4 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview. | |||||
CVE-2006-2516 | 1 Xoops | 1 Xoops | 2023-12-10 | 5.1 MEDIUM | N/A |
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | |||||
CVE-2006-4013 | 1 Symantec | 1 Brightmail Antispam | 2023-12-10 | 7.6 HIGH | N/A |
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. | |||||
CVE-2006-2337 | 1 D-link | 1 Dsl-g604t | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. |