Filtered by vendor Xoops
Subscribe
Total
101 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1351 | 1 Xoops | 1 Tutoriais Module | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php. | |||||
CVE-2008-5768 | 2 Sirium, Xoops | 2 Am Events Module, Xoops | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-6675 | 1 Xoops | 1 Xoops | 2024-02-28 | 5.0 MEDIUM | N/A |
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules. | |||||
CVE-2008-0613 | 1 Xoops | 1 Xoops | 2024-02-28 | 5.0 MEDIUM | N/A |
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. | |||||
CVE-2007-5188 | 1 Xoops | 1 Xoops | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension. | |||||
CVE-2007-3236 | 1 Xoops | 1 Horoscope Module | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | |||||
CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | |||||
CVE-2008-1064 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | |||||
CVE-2008-0138 | 1 Xoops | 1 Xoopsgallery Module | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | |||||
CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-3221 | 1 Xoops | 1 Xt-conteudo Module | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
CVE-2007-3237 | 1 Xoops | 1 Tinycontent Module | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
CVE-2007-3311 | 1 Xoops | 1 Articles Module | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-0936 | 1 Xoops | 1 Prayer List Module | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
CVE-2008-0612 | 1 Xoops | 1 Xoops | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | |||||
CVE-2007-3289 | 1 Xoops | 1 Wiwimod Module | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
CVE-2007-1960 | 1 Xoops | 1 Rha7 Downloads Module | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
CVE-2007-1816 | 1 Xoops | 1 Tutoriais Module | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. |