| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php. |
| Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. |
| Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page. |
| Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. |
| Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. |
| Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. |
| Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot. |
| Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors. |
| Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. |
| Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. |
| Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. |
| Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter. |
| Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1. |
| Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors. |
| Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. |
| Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter. |
| Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors. |
| Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. |
| Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it. |
| The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. |
