Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors.
http://www.vupen.com/english/advisories/2006/1201
http://www.securityfocus.com/bid/17357
http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524