I found a link about some web applications vulnerability.
- Chicomos CMS Configuration File Disclosoure
- Zomplog 3.8.2 Blog Engine Arbitrary Files Download/Disclosoure
- Wheatlog Blog Engine Auto Create User
See below
http://kandangjamur.net/tutorial/multiple-application.txt