• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2008-0259

February 26, 2023 by

Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.

CVE-2008-0221

February 26, 2023 by

Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a .. (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.

CVE-2008-0231

February 26, 2023 by

Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via “..” sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.

CVE-2008-0184

February 26, 2023 by

Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded “/” (“%2F”) in the file parameter.

CVE-2008-0194

February 26, 2023 by

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.

CVE-2008-0196

February 26, 2023 by

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the ….wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 72
  • Go to page 73
  • Go to page 74
  • Go to page 75
  • Go to page 76
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE