# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2009-4512 |
22 |
1
|
Dir. Trav. |
2009-12-31 |
2017-08-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL's is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj_id parameter. |
2 |
CVE-2009-4449 |
22 |
|
Dir. Trav. |
2009-12-29 |
2011-01-04 |
6.3 |
None |
Remote |
Medium |
??? |
Complete |
None |
None |
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php. |
3 |
CVE-2009-4435 |
22 |
2
|
Dir. Trav. |
2009-12-28 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php. |
4 |
CVE-2009-4434 |
22 |
2
|
Dir. Trav. |
2009-12-28 |
2009-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter. |
5 |
CVE-2009-4427 |
22 |
1
|
Dir. Trav. |
2009-12-28 |
2020-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. |
6 |
CVE-2009-4426 |
22 |
2
|
Dir. Trav. |
2009-12-28 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php. |
7 |
CVE-2009-4421 |
22 |
|
Dir. Trav. |
2009-12-24 |
2018-10-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter. |
8 |
CVE-2009-4415 |
22 |
|
Dir. Trav. |
2009-12-24 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php. |
9 |
CVE-2009-4383 |
22 |
|
Dir. Trav. |
2009-12-22 |
2009-12-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors. |
10 |
CVE-2009-4374 |
22 |
|
Dir. Trav. |
2009-12-21 |
2010-06-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. |
11 |
CVE-2009-4315 |
22 |
1
|
Exec Code Dir. Trav. |
2009-12-14 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code. |
12 |
CVE-2009-4261 |
22 |
|
Exec Code +Priv Dir. Trav. |
2009-12-21 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." |
13 |
CVE-2009-4231 |
22 |
1
|
Dir. Trav. |
2009-12-08 |
2009-12-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter. |
14 |
CVE-2009-4216 |
22 |
1
|
Dir. Trav. |
2009-12-07 |
2017-08-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter. |
15 |
CVE-2009-4205 |
22 |
1
|
Dir. Trav. |
2009-12-04 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. |
16 |
CVE-2009-4202 |
22 |
1
|
Dir. Trav. |
2009-12-04 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. |
17 |
CVE-2009-4194 |
22 |
1
|
Dir. Trav. |
2009-12-03 |
2017-08-17 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information. |
18 |
CVE-2009-4192 |
22 |
|
Dir. Trav. |
2009-12-03 |
2009-12-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
19 |
CVE-2009-4154 |
22 |
1
|
Dir. Trav. |
2009-12-02 |
2009-12-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
20 |
CVE-2009-4116 |
22 |
|
Exec Code Dir. Trav. |
2009-11-30 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter in a (1) list or (2) editnews action to the Editnews module, and (3) the save_con[skin] parameter in the Options module. NOTE: vector 3 can be leveraged for code execution by using a .. to include and execute arbitrary local files. |
21 |
CVE-2009-4088 |
22 |
2
|
Dir. Trav. |
2009-11-29 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php. |
22 |
CVE-2009-4056 |
22 |
|
Dir. Trav. |
2009-11-24 |
2009-11-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter. |
23 |
CVE-2009-4053 |
22 |
|
Dir. Trav. |
2009-11-23 |
2009-11-23 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
24 |
CVE-2009-4050 |
22 |
|
Dir. Trav. |
2009-11-23 |
2009-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
25 |
CVE-2009-3912 |
22 |
1
|
Dir. Trav. |
2009-11-09 |
2009-11-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter. |
26 |
CVE-2009-3902 |
22 |
|
Dir. Trav. |
2009-11-06 |
2017-08-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL. |
27 |
CVE-2009-3898 |
22 |
|
Dir. Trav. |
2009-11-24 |
2021-11-10 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. |
28 |
CVE-2009-3825 |
22 |
1
|
Dir. Trav. |
2009-10-28 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php. |
29 |
CVE-2009-3824 |
22 |
1
|
Dir. Trav. |
2009-10-28 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter. |
30 |
CVE-2009-3823 |
22 |
1
|
Dir. Trav. |
2009-10-28 |
2017-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter. |
31 |
CVE-2009-3792 |
22 |
|
Dir. Trav. |
2009-12-21 |
2009-12-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors. |
32 |
CVE-2009-3787 |
22 |
|
Dir. Trav. |
2009-10-26 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence. |
33 |
CVE-2009-3733 |
22 |
|
Dir. Trav. |
2009-11-02 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors. |
34 |
CVE-2009-3728 |
22 |
|
Dir. Trav. |
2009-11-09 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533. |
35 |
CVE-2009-3702 |
22 |
|
Dir. Trav. File Inclusion |
2009-12-22 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. |
36 |
CVE-2009-3694 |
22 |
|
Dir. Trav. |
2009-10-13 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in config/config.php in ezRecipe-Zee 91, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg[prePath] parameter. |
37 |
CVE-2009-3693 |
22 |
|
Dir. Trav. |
2009-10-13 |
2009-10-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method. |
38 |
CVE-2009-3664 |
22 |
1
|
Dir. Trav. |
2009-10-11 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. (dot dot) in the (1) p and (2) s parameters. |
39 |
CVE-2009-3625 |
22 |
|
Dir. Trav. |
2009-10-26 |
2023-02-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
CVE-2009-3625 Sahana: Arbitrary files access due improper processing of URLs with null character in the string |
40 |
CVE-2009-3583 |
22 |
|
Exec Code Dir. Trav. |
2009-12-23 |
2018-10-10 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field. |
41 |
CVE-2009-3561 |
22 |
1
|
Dir. Trav. |
2009-10-05 |
2017-09-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action. |
42 |
CVE-2009-3542 |
22 |
1
|
Dir. Trav. File Inclusion |
2009-10-02 |
2017-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. |
43 |
CVE-2009-3538 |
22 |
|
Dir. Trav. |
2009-10-02 |
2009-10-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
44 |
CVE-2009-3535 |
22 |
2
|
Dir. Trav. File Inclusion |
2009-10-02 |
2017-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect. |
45 |
CVE-2009-3534 |
22 |
1
|
Dir. Trav. |
2009-10-02 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in index.php in LionWiki 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. |
46 |
CVE-2009-3515 |
22 |
1
|
Dir. Trav. |
2009-10-01 |
2017-09-19 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter. |
47 |
CVE-2009-3508 |
22 |
1
|
Dir. Trav. |
2009-10-01 |
2017-09-19 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php. |
48 |
CVE-2009-3507 |
22 |
1
|
Dir. Trav. |
2009-10-01 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter. |
49 |
CVE-2009-3451 |
22 |
|
Dir. Trav. |
2009-09-29 |
2018-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors. |
50 |
CVE-2009-3425 |
22 |
1
|
Dir. Trav. |
2009-09-25 |
2017-09-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter. |