Filtered by vendor Xoops
Subscribe
Total
101 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4435 | 2 Rmsoft, Xoops | 2 Downloads Plus Module, Xoops | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php. | |||||
CVE-2008-4653 | 1 Xoops | 2 Makale, Xoops | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5768 | 2 Sirium, Xoops | 2 Am Events Module, Xoops | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-1064 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2007-1815 | 1 Xoops | 1 Library Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2007-1814 | 1 Xoops | 1 Core Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377. | |||||
CVE-2007-2571 | 1 Xoops | 1 Wfquotes Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | |||||
CVE-2007-3222 | 1 Xoops | 1 Xfsection Module | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. | |||||
CVE-2007-1974 | 2 Wf-sections, Xoops | 3 Wf-sections, Happy Linux Xfsection Module, Zmagazine Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. | |||||
CVE-2008-0936 | 1 Xoops | 1 Prayer List Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
CVE-2008-0138 | 1 Xoops | 1 Xoopsgallery Module | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | |||||
CVE-2007-5188 | 1 Xoops | 1 Xoops | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension. | |||||
CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
CVE-2007-1846 | 1 Xoops | 1 Malaika System Myads Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341. | |||||
CVE-2008-1063 | 1 Xoops | 1 Xm-memberstats | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. | |||||
CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-3236 | 1 Xoops | 1 Horoscope Module | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | |||||
CVE-2007-2738 | 1 Xoops | 1 Xoops Glossaire Module | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | |||||
CVE-2008-0847 | 1 Xoops | 1 Mytopics | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
CVE-2007-3221 | 1 Xoops | 1 Xt-conteudo Module | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. |