CVE-2008-6551

Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 an adminlang cookie to admin/index.php; or the module parameter to 2...

CVE-2008-5943

Multiple directory traversal vulnerabilities in NavBoard 16 2.6.0 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter to 1 adminmodules.php and 2 modules.php...

CVE-2008-5944

Cross-site scripting XSS vulnerability in modules.php in NavBoard 16 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the module parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in modules.php in NavBoard 16 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the module parameter...

Sql injection

Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via 1 the nid parameter to index.php in a View action to the News module; 2 the vid parameter to index.php in a Result action to the Voting module; 3 the fid parameter t...

CVE-2008-3192

Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter...

Directory traversal

Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter...

CVE-2008-2838

Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. dot dot in the module parameter...

Directory traversal

Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. dot dot in the module parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...

CVE-2008-2082

Cross-site scripting XSS vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...

CVE-2008-2081

The CVE-2008-2081 entry documents a directory traversal (Local File Inclusion) in index.php of Siteman 2.0.x2. The issue, exploitable by remote authenticated administrators via a .. in the module parameter, enables inclusion and execution of arbitrary local files. Root cause: insufficient input s...

CVE-2008-2082

Cross-site scripting XSS vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...

Directory traversal

Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter...

CVE-2007-6086

CVE-2007-6086 is a directory-traversal vulnerability in VigileCMS 1.4. The issue occurs in index.php where directory traversal sequences in the module parameter allow remote attackers to include and execute arbitrary local files. This leads to arbitrary code execution and partial/complete comprom...

CVE-2007-5820

Directory traversal vulnerability in index.php in Ax Developer CMS AxDCMS 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter...

Directory traversal

Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the deflang parameter to modules/files/list.php; the mpath parameter to 2 modules/projects/summary.inc.php or 3...

CVE-2007-5650

Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter to index.php...

CVE-2007-5650

Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the module parameter to index.php...

Design/Logic Flaw

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...