CVE-2015-2243

Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php...

CVE-2010-1374

Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation...

CVE-2005-3782

Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering "restart", "power", or "shutdown" sequences after t...

CVE-2005-1798

Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. dot dot sequences in an HTTP request...

CVE-2005-1813

Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing 1 "../" dot dot slash or 2 ".." dot dot backslash sequences...

CVE-2005-2686

Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the 1 SITEPath parameter to menudx.php or 2 CONTENTSDir parameter to menusx.php...

CVE-2009-4000

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter...

ABB Cylon Aspect 3.08.03 (logYumLookup.php) Hybrid Path Traversal

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BAS controller is vulnerable to an authenticated...

CVE-2009-0766

Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2008-1062

InterVideo IMC Server aka IMCSvr.exe and InterVideo Home Theater aka IHT.exe in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service NULL dereference and application crash via a crafted packet with two CRLF sequences. NOTE: the provenance of this informatio...

CVE-2005-2854

CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay spam proxy via CRLF sequences in the 1 name or 2 email fields, which are injected into mail headers...

CVE-2005-2997

Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in 1 the currentdir parameter to txt.php, or the currentdir parameter to 2 htm.php or 3 html.php...

CVE-2009-3233

changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack...

CVE-2005-3097

Directory traversal vulnerability in Avi Alkalay contribute.cgi aka contribute.pl, dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable...

CVE-2005-3086

Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter...

CVE-2005-3040

Directory traversal vulnerability in the web interface ISALogin.dll for TAC Vista 4.0, and possibly other versions before 4.3, allows remote attackers to read arbitrary files via ".." sequences in the Template parameter...

CVE-2008-3939

Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI...

CVE-2003-1338

CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header...

CVE-2004-2294

Canonicalize-before-filter error in the sendreview function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leadin...

CVE-2009-2222

Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail...