CVE-2006-1604

Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted."...

CVE-2006-1607

Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors...

CVE-2006-1605

Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP."...

CVE-2006-1606

Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors...

Design/Logic Flaw

Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors...

CVE-2006-1606

CVE-2006-1606 concerns Exponent CMS prior to 0.96.5 RC1. The image module contains an unspecified vulnerability that allows directory disclosure. The only concrete detail from the connected sources is that this affects Exponent CMS’s image module and enables partial disclosure of information, wit...

CVE-2006-1607

Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors...

CVE-2006-1604

Affected product: Exponent CMS prior to 0.96.5 RC1. The vulnerability is described as an unspecified issue with variables that are not 'typecasted', with unknown impact. NVD records a CVSS v2 base score of 10.0 (HIGH) with network attack vector, requiring no authentication, and affecting confiden...

CVE-2006-1605

The CVE-2006-1605 entry concerns Exponent CMS, specifically the image module prior to version 0.96.5 RC 1. It states an unspecified vulnerability that allows remote attackers to execute arbitrary code via unknown vectors involving “parsed PHP.” The connected documents corroborate the affected sof...

CVE-2006-1606

Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors...

CVE-2006-1604

Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted."...

CVE-2006-1605

Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP."...

CVE-2006-1607

CVE-2006-1607 – Exponent CMS : A PHP injection vulnerability exists in the banner module of Exponent CMS prior to 0.96.5 RC1. The issue is triggered via unspecified attack vectors, affecting the banner component and potentially impacting confidentiality, integrity, and availability. The NVD CVSS ...

Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities

Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12358/info Exponent is reported prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an...

Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12358/info Exponent is reported prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user facilitating theft of cookie-based authentication...

CVE-2005-3766

Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files...

CVE-2005-3762

SQL injection vulnerability in the navigation module navigationmodule in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter...

CVE-2005-3761

Cross-site scripting XSS vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via 1 Javascript in forms produced by the form generator or 2 the parameters to the installer...

CVE-2005-3767

Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files...

CVE-2005-3763

Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability...