CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2007(Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6604 22 1 Dir. Trav. 2007-12-31 2008-11-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/.
2 CVE-2007-6584 22 2 Dir. Trav. 2007-12-28 2008-11-15
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.
3 CVE-2007-6582 22 1 Dir. Trav. 2007-12-28 2008-11-15
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action.
4 CVE-2007-6581 22 1 Dir. Trav. 2007-12-28 2008-11-15
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/.
5 CVE-2007-6567 22 1 Dir. Trav. 2007-12-28 2008-11-15
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.
6 CVE-2007-6554 22 1 Dir. Trav. 2007-12-27 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.
7 CVE-2007-6552 22 1 Dir. Trav. Bypass 2007-12-27 2008-11-15
6.0
None Remote Medium Single system Partial Partial Partial
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
8 CVE-2007-6528 22 1 Dir. Trav. 2007-12-27 2012-10-24
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
9 CVE-2007-6508 22 1 Dir. Trav. 2007-12-21 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.
10 CVE-2007-6483 22 Dir. Trav. 2007-12-20 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
11 CVE-2007-6475 22 1 Dir. Trav. 2007-12-20 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.
12 CVE-2007-6471 22 Dir. Trav. 2007-12-19 2008-09-05
5.8
None Remote Medium Not required Partial Partial None
Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.
13 CVE-2007-6453 22 Dir. Trav. 2007-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
14 CVE-2007-6404 22 1 Dir. Trav. 2007-12-17 2008-11-15
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI.
15 CVE-2007-6400 22 1 Dir. Trav. 2007-12-17 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter.
16 CVE-2007-6397 22 1 Dir. Trav. 2007-12-17 2008-11-15
5.0
None Remote Low Not required None Partial None
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action.
17 CVE-2007-6378 22 Dir. Trav. 2007-12-14 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.
18 CVE-2007-6376 22 Dir. Trav. 2007-12-14 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
19 CVE-2007-6369 22 1 Dir. Trav. 2007-12-14 2008-09-05
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or (2) path parameter.
20 CVE-2007-6368 22 1 Dir. Trav. 2007-12-14 2013-07-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter.
21 CVE-2007-6344 22 1 Dir. Trav. 2007-12-13 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
22 CVE-2007-6331 22 1 Dir. Trav. 2007-12-13 2013-08-03
9.3
Admin Remote Medium Not required Complete Complete Complete
Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.
23 CVE-2007-6323 22 1 Dir. Trav. 2007-12-13 2008-11-15
5.0
None Remote Low Not required None None Partial
Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.
24 CVE-2007-6322 22 1 Dir. Trav. 2007-12-13 2008-11-15
5.0
None Remote Low Not required None None Partial
Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
25 CVE-2007-6317 22 Dir. Trav. 2007-12-11 2008-09-05
5.5
None Remote Low Single system Partial Partial None
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
26 CVE-2007-6290 22 1 Dir. Trav. 2007-12-10 2008-11-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters.
27 CVE-2007-6268 22 Dir. Trav. 2007-12-07 2008-11-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
28 CVE-2007-6233 22 1 Dir. Trav. File Inclusion 2007-12-04 2008-09-05
4.9
None Remote Medium Single system Partial Partial None
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
29 CVE-2007-6230 22 1 Dir. Trav. 2007-12-04 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter.
30 CVE-2007-6215 22 1 Dir. Trav. 2007-12-04 2008-09-05
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter.
31 CVE-2007-6214 22 1 Dir. Trav. 2007-12-04 2008-09-05
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.
32 CVE-2007-6213 22 1 Dir. Trav. 2007-12-04 2008-11-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters.
33 CVE-2007-6212 22 1 Dir. Trav. 2007-12-04 2008-11-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
34 CVE-2007-6188 22 1 Dir. Trav. 2007-11-29 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
35 CVE-2007-6187 22 1 Dir. Trav. 2007-11-29 2008-11-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/.
36 CVE-2007-6185 22 1 Dir. Trav. 2007-11-29 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials.
37 CVE-2007-6184 22 1 Dir. Trav. 2007-11-29 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.
38 CVE-2007-6129 20 1 Dir. Trav. File Inclusion 2007-11-26 2008-11-15
5.8
None Remote Medium Not required Partial Partial None
Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
39 CVE-2007-6086 22 1 Dir. Trav. 2007-11-21 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter.
40 CVE-2007-6079 22 1 Exec Code Dir. Trav. 2007-11-21 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.
41 CVE-2007-5960 22 Dir. Trav. Bypass CSRF 2007-11-26 2010-08-21
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
42 CVE-2007-5956 22 +Priv Dir. Trav. 2007-11-14 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.
43 CVE-2007-5927 22 Exec Code Dir. Trav. 2007-11-09 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
44 CVE-2007-5920 22 Dir. Trav. Bypass 2007-11-09 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information.
45 CVE-2007-5915 22 Dir. Trav. 2007-11-09 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter.
46 CVE-2007-5890 Dir. Trav. 2007-11-07 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
47 CVE-2007-5845 94 2 Dir. Trav. Bypass 2007-11-06 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.
48 CVE-2007-5844 22 1 Dir. Trav. File Inclusion 2007-11-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter.
49 CVE-2007-5831 22 Dir. Trav. 2007-11-05 2012-10-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. NOTE: some of these details are obtained from third party information.
50 CVE-2007-5826 22 1 Dir. Trav. 2007-11-05 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
Total number of vulnerabilities : 339   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.