Filtered by vendor Xoops
Subscriptions
Total
101 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-3222 | 1 Xoops | 1 Xfsection Module | 2017-10-11 | N/A |
PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. | ||||
CVE-2007-3221 | 1 Xoops | 1 Xt-conteudo Module | 2017-10-11 | N/A |
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | ||||
CVE-2007-3220 | 1 Xoops | 1 Cjay Content Module | 2017-10-11 | N/A |
PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656. | ||||
CVE-2007-3057 | 1 Xoops | 1 Icontent Module | 2017-10-11 | N/A |
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | ||||
CVE-2007-2738 | 1 Xoops | 1 Xoops Glossaire Module | 2017-10-11 | N/A |
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | ||||
CVE-2007-2571 | 1 Xoops | 1 Wfquotes Module | 2017-10-11 | N/A |
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | ||||
CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2017-10-11 | N/A |
SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | ||||
CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2017-10-11 | N/A |
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | ||||
CVE-2007-1979 | 1 Xoops | 1 Xoops Popnupblog | 2017-10-11 | N/A |
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. | ||||
CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2017-10-11 | N/A |
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | ||||
CVE-2007-1960 | 1 Xoops | 1 Rha7 Downloads Module | 2017-10-11 | N/A |
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter. | ||||
CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2017-10-11 | N/A |
SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
CVE-2007-1816 | 1 Xoops | 1 Tutoriais Module | 2017-10-11 | N/A |
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
CVE-2007-1815 | 1 Xoops | 1 Library Module | 2017-10-11 | N/A |
SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
CVE-2007-1814 | 1 Xoops | 1 Core Module | 2017-10-11 | N/A |
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377. | ||||
CVE-2008-7178 | 1 Xoops | 2 Uploader, Xoops | 2017-09-29 | N/A |
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php. | ||||
CVE-2008-6884 | 1 Xoops | 1 Xoops | 2017-09-29 | N/A |
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/. | ||||
CVE-2008-5768 | 2 Sirium, Xoops | 2 Am Events Module, Xoops | 2017-09-29 | N/A |
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
CVE-2008-5665 | 1 Xoops | 1 Xoops | 2017-09-29 | N/A |
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter. | ||||
CVE-2008-5321 | 2 Xoops, Xoops Hocasi | 2 Xoops, Gesgaleri | 2017-09-29 | N/A |
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter. |