aWebNews version 1.0 suffers from a remote file disclosure vulnerability.
5c9f5bc5d30352655a77d39b647d30e151e63b31a79dc8ad4003053833c675a7
gallery 2.4.0 suffers from a remote file disclosure vulnerability.
c657bd9378dc6bd3199c13287d6a1dc9cde66ac1668c32892977cef0d954162a
cms-bandits 2.5 is vulnerable to remote command execution in td.php and img.php is register_globals is on.
f504f3d9d1e87ecfafdd00eedb1543f9fb6f153a8277d1e7d73b395d99a21c00