Total
8754 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0402 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 9.9 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. | ||||
| CVE-2007-5465 | 1 Mydoop | 1 Doop Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component. | ||||
| CVE-2007-1143 | 1 Jeunes-webmasters | 1 J-web Pics Navigator | 2026-04-23 | N/A |
| Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | ||||
| CVE-2008-6313 | 1 Phpaddedit | 1 Phpaddedit | 2026-04-23 | N/A |
| Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely. | ||||
| CVE-2008-6334 | 1 Emetrix | 1 Extract Website | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2008-6335 | 1 Emetrix | 1 Online Keyword Research Tool | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2008-6604 | 1 Picoflat | 1 Picoflat Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390. | ||||
| CVE-2008-6201 | 1 Kwsphp | 1 Kwsphp | 2026-04-23 | N/A |
| Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6290 | 1 Niclor | 1 Include Sito | 2026-04-23 | N/A |
| Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter. | ||||
| CVE-2008-2672 | 1 Erfurtwiki | 1 Erfurtwiki | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and earlier, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) ewiki_id and (2) ewiki_action parameters to fragments/css.php, and possibly the (3) id parameter to the default URI. NOTE: the default URI is site-specific but often performs an include_once of ewiki.php. | ||||
| CVE-2008-2699 | 1 Gwm | 1 Galatolo Webmanager | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php. | ||||
| CVE-2007-4983 | 1 Cowon America | 1 Jetaudio | 2026-04-23 | N/A |
| Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call. | ||||
| CVE-2007-5005 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2026-04-23 | N/A |
| Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command. | ||||
| CVE-2007-5103 | 1 Wordsmith | 1 Wordsmith | 2026-04-23 | N/A |
| Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter. | ||||
| CVE-2007-1144 | 1 Comscripts | 1 J-web Pics Navigator | 2026-04-23 | N/A |
| Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. | ||||
| CVE-2007-5299 | 1 Skadate | 1 Skadate Online Dating Software | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/. | ||||
| CVE-2007-5320 | 1 Pegasus Imaging | 1 Imagxpress | 2026-04-23 | N/A |
| Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll). | ||||
| CVE-2007-5366 | 1 Fujitsu | 3 Interstage Application Server, Interstage Apworks, Interstage Studio | 2026-04-23 | N/A |
| The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. | ||||
| CVE-2007-4957 | 1 Chupix | 1 Chupix Cms | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in download.php in Chupix CMS 0.2.3 allow remote attackers to read or overwrite arbitrary files via a .. (dot dot) in the (1) fichier or (2) repertoire parameter, or create arbitrary directories via a .. (dot dot) in the (3) repertoire parameter. | ||||
| CVE-2007-4457 | 1 Florian Mahieu | 1 Dalai Forum | 2026-04-23 | N/A |
| Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter. | ||||