CVE-2008-3192

Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter...

Directory traversal

Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter...

CVE-2008-2838

Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. dot dot in the module parameter...

Directory traversal

Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. dot dot in the module parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...

CVE-2008-2082

Cross-site scripting XSS vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...

CVE-2008-2081

The CVE-2008-2081 entry documents a directory traversal (Local File Inclusion) in index.php of Siteman 2.0.x2. The issue, exploitable by remote authenticated administrators via a .. in the module parameter, enables inclusion and execution of arbitrary local files. Root cause: insufficient input s...

CVE-2008-2082

Cross-site scripting XSS vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...

Directory traversal

Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter...

CVE-2007-6086

CVE-2007-6086 is a directory-traversal vulnerability in VigileCMS 1.4. The issue occurs in index.php where directory traversal sequences in the module parameter allow remote attackers to include and execute arbitrary local files. This leads to arbitrary code execution and partial/complete comprom...

CVE-2007-5820

Directory traversal vulnerability in index.php in Ax Developer CMS AxDCMS 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter...

Directory traversal

Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the deflang parameter to modules/files/list.php; the mpath parameter to 2 modules/projects/summary.inc.php or 3...

CVE-2007-5650

Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter to index.php...

CVE-2007-5650

Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter to index.php...

Design/Logic Flaw

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...

CVE-2006-4588

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module...

CVE-2006-3548

Multiple cross-site scripting XSS vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a 1 javascript URI or an external 2 http, 3 https, or 4 ftp URI in the url parameter in services/go.php a...

Horde < 3.0.11 / 3.1.2 Multiple Script XSS

The version of Horde installed on the remote host fails to validate input to the 'url' parameter of the 'services/go.php' script before using it in dynamically-generated content. An unauthenticated attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's...

CVE-2006-3237

Cross-site scripting XSS vulnerability in index.php in Enterprise Groupware System EGS 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter...

CVE-2005-3067

Cross-site scripting XSS vulnerability in perldiver.cgi in PerlDiver 2.x allows remote attackers to inject arbitrary web script or HTML via the module parameter...