7 matches found
CVE-2006-4963
Exponent CMS 0.96.3 is vulnerable to a local file inclusion (LFI) via the view parameter in the calendarmodule’s show_view action (index.php). The underlying issue is improper handling of ../ sequences that allows remote attackers to read and execute arbitrary local files, demonstrated by PHP cod...
CVE-2007-2252
The CVE-2007-2252 entry describes a directory traversal in Exponent CMS, affecting iconspopup.php where the icodir parameter can be exploited with a .. payload to disclose sensitive information. Affected version(s): Exponent CMS 0.96.6 Alpha and earlier. Root cause is improper handling of user-su...
CVE-2006-1605
The CVE-2006-1605 entry concerns Exponent CMS, specifically the image module prior to version 0.96.5 RC 1. It states an unspecified vulnerability that allows remote attackers to execute arbitrary code via unknown vectors involving “parsed PHP.” The connected documents corroborate the affected sof...
CVE-2007-2253
CVE-2007-2253 affects Exponent CMS 0.96.6 Alpha and earlier. The vulnerability is a path disclosure where remote attackers can obtain path information by directly requesting (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. The connected documents provide these concrete affected...
CVE-2006-1604
Affected product: Exponent CMS prior to 0.96.5 RC1. The vulnerability is described as an unspecified issue with variables that are not 'typecasted', with unknown impact. NVD records a CVSS v2 base score of 10.0 (HIGH) with network attack vector, requiring no authentication, and affecting confiden...
CVE-2006-1607
CVE-2006-1607 – Exponent CMS : A PHP injection vulnerability exists in the banner module of Exponent CMS prior to 0.96.5 RC1. The issue is triggered via unspecified attack vectors, affecting the banner component and potentially impacting confidentiality, integrity, and availability. The NVD CVSS ...
CVE-2006-1606
CVE-2006-1606 concerns Exponent CMS prior to 0.96.5 RC1. The image module contains an unspecified vulnerability that allows directory disclosure. The only concrete detail from the connected sources is that this affects Exponent CMS’s image module and enables partial disclosure of information, wit...