Filtered by CWE-22
Total 8695 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-4088 1 Telepark 1 Telepark.wiki 2025-04-09 N/A
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
CVE-2009-1760 1 Rasterbar Software 1 Libtorrent 2025-04-09 N/A
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.
CVE-2008-2779 1 Globalscape 1 Cuteftp 2025-04-09 N/A
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2008-2782 1 Otomigenx 1 Otomigenx 2025-04-09 N/A
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php.
CVE-2008-2840 1 Exerocms 1 Exero Cms 2025-04-09 N/A
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information.
CVE-2009-1847 1 Easypx41 1 Easy Px 41 Cms 2025-04-09 N/A
Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fiche parameter.
CVE-2008-2942 1 Mercurial 1 Mercurial 2025-04-09 N/A
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.
CVE-2009-1873 1 Adobe 1 Jrun 2025-04-09 N/A
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter.
CVE-2008-2969 1 Yektaweb 1 Academic Web Tools 2025-04-09 N/A
Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter.
CVE-2008-2976 1 Tinx Cms 1 Tinx Cms 2025-04-09 N/A
Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php.
CVE-2008-2978 1 Ourvideocms 1 Ourvideo Cms 2025-04-09 N/A
Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter.
CVE-2008-2985 1 Cmreams 1 Cmreams Cms 2025-04-09 N/A
Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter.
CVE-2009-1912 1 Webspell 1 Webspell 2025-04-09 N/A
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.
CVE-2009-0371 1 Sitexs Cms 1 Sitexs Cms 2025-04-09 N/A
Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
CVE-2008-3087 1 Kasseler-cms 1 Kasseler Cms 2025-04-09 N/A
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
CVE-2008-3163 1 Regretless 1 Dodos Mail 2025-04-09 N/A
Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3165 1 Fuzzylime 1 Fuzzylime Cms 2025-04-09 N/A
Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.
CVE-2009-2037 1 Onlinegrades 1 Online Grades 2025-04-09 N/A
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php.
CVE-2008-3195 1 Twiki 1 Twiki 2025-04-09 N/A
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
CVE-2009-2109 1 Fretsweb Project 1 Fretsweb 2025-04-09 N/A
Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.