Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter.
CWE-22
CVE-2008-6334
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2008-6335
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2008-6336
Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter.
CVE-2008-6288
Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2008-6290
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter.