Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter.
Max CVSS
5.0
EPSS Score
0.18%
Published
2006-04-29
Updated
2008-09-05
Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
Max CVSS
7.8
EPSS Score
0.71%
Published
2006-04-29
Updated
2018-10-18
Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
Max CVSS
5.0
EPSS Score
12.96%
Published
2006-04-29
Updated
2018-10-18
Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
Max CVSS
7.8
EPSS Score
0.71%
Published
2006-04-29
Updated
2018-10-18
Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
Max CVSS
5.0
EPSS Score
6.82%
Published
2006-04-29
Updated
2018-10-18
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
Max CVSS
7.5
EPSS Score
0.78%
Published
2006-04-27
Updated
2018-10-18
Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.
Max CVSS
6.4
EPSS Score
2.25%
Published
2006-04-26
Updated
2018-10-18
Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal.
Max CVSS
5.8
EPSS Score
0.53%
Published
2006-04-26
Updated
2018-10-18
Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files.
Max CVSS
5.0
EPSS Score
1.35%
Published
2006-04-25
Updated
2018-10-18
Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message.
Max CVSS
5.0
EPSS Score
0.64%
Published
2006-04-25
Updated
2017-07-20
Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
1.08%
Published
2006-04-25
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector.
Max CVSS
4.3
EPSS Score
0.43%
Published
2006-04-25
Updated
2018-10-18
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.
Max CVSS
5.0
EPSS Score
3.45%
Published
2006-04-25
Updated
2018-10-18
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.
Max CVSS
5.5
EPSS Score
0.52%
Published
2006-04-21
Updated
2018-10-18
Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request.
Max CVSS
5.0
EPSS Score
0.65%
Published
2006-04-24
Updated
2017-07-20
Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering.
Max CVSS
5.0
EPSS Score
0.84%
Published
2006-04-24
Updated
2018-10-18
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist.
Max CVSS
4.3
EPSS Score
0.38%
Published
2006-04-20
Updated
2018-10-18
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
Max CVSS
5.0
EPSS Score
1.82%
Published
2006-04-20
Updated
2017-07-20
Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.
Max CVSS
4.6
EPSS Score
0.06%
Published
2006-04-26
Updated
2018-10-18
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-04-25
Updated
2023-02-13
Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message.
Max CVSS
6.4
EPSS Score
0.68%
Published
2006-04-18
Updated
2018-10-18
Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter.
Max CVSS
6.4
EPSS Score
1.99%
Published
2006-04-18
Updated
2018-10-18
Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability.
Max CVSS
5.8
EPSS Score
0.46%
Published
2006-04-18
Updated
2018-10-18
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".
Max CVSS
7.5
EPSS Score
2.64%
Published
2006-04-18
Updated
2017-10-19
Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.
Max CVSS
6.4
EPSS Score
0.66%
Published
2006-04-18
Updated
2018-10-18
41 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!