VYPR
Vendor

Xpression News

Products
2
CVEs
2
Across products
4
Status
Private

Products

2

Recent CVEs

2
  • CVE-2007-1040Feb 21, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.

  • CVE-2007-1042Feb 21, 2007
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this…