Filtered by vendor Runcms
Subscriptions
Total
34 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-0224 | 1 Runcms | 1 Runcms | 2017-10-19 | N/A |
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. | ||||
CVE-2008-1551 | 1 Runcms | 2 Photo Module, Runcms | 2017-10-11 | N/A |
SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
CVE-2008-2084 | 2 Myarticles, Runcms | 2 Myarticles, Myarticles Module | 2017-09-29 | N/A |
SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action. | ||||
CVE-2008-1462 | 1 Runcms | 1 Runcms | 2017-09-29 | N/A |
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action. | ||||
CVE-2008-0878 | 1 Runcms | 1 Myannonces | 2017-09-29 | N/A |
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | ||||
CVE-2009-2591 | 2 E-xoopport, Runcms | 2 E-xoopport, Myannonces | 2017-09-19 | N/A |
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php. | ||||
CVE-2010-2852 | 1 Runcms | 1 Runcms | 2017-08-17 | N/A |
Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
CVE-2008-3354 | 1 Runcms | 2 Newbb Plus Module, Runcms | 2017-08-08 | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2007-6549 | 1 Runcms | 1 Runcms | 2017-08-08 | N/A |
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." | ||||
CVE-2007-5535 | 1 Runcms | 1 Runcms | 2017-07-29 | N/A |
Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors. | ||||
CVE-2005-1031 | 2 E-xoops, Runcms | 2 E-xoops, Runcms | 2017-07-11 | N/A |
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. | ||||
CVE-2006-0659 | 1 Runcms | 1 Runcms | 2011-09-08 | N/A |
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. | ||||
CVE-2006-1793 | 1 Runcms | 1 Runcms | 2008-09-05 | N/A |
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. | ||||
CVE-2006-1216 | 1 Runcms | 1 Runcms | 2008-09-05 | N/A |
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. |