Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.

Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions.

PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter.

PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code.

The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.

Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php.