Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Website Directory Security Vulnerabilities

cve
cve

CVE-2024-24934

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through...

8.5CVSS

6.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
109
cve
cve

CVE-2024-2340

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a....

5.3CVSS

5.5AI Score

0.001EPSS

2024-04-09 07:15 PM
38
cve
cve

CVE-2023-6505

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export...

7.5CVSS

7.5AI Score

0.003EPSS

2024-01-08 07:15 PM
64
cve
cve

CVE-2022-45527

File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg...

9.8CVSS

9.2AI Score

0.002EPSS

2023-02-08 07:15 PM
14
cve
cve

CVE-2018-20638

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/...

6.5CVSS

6.5AI Score

0.001EPSS

2019-03-21 04:00 PM
15
cve
cve

CVE-2008-6334

Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename...

6.8AI Score

0.042EPSS

2009-02-27 05:30 PM
28
cve
cve

CVE-2008-4532

Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search...

5.7AI Score

0.003EPSS

2008-10-09 06:14 PM
22
cve
cve

CVE-2005-2436

browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files, which reveal the path in an error...

6.4AI Score

0.01EPSS

2005-08-03 04:00 AM
27
cve
cve

CVE-2001-0394

Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn...

7AI Score

0.008EPSS

2002-03-09 05:00 AM
28
cve
cve

CVE-2001-0626

O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":"...

6.9AI Score

0.031EPSS

2002-03-09 05:00 AM
27