Leif M. Wright Web Blog <1.1,1.1.5 - Command Injection
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests.
Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.