XOOPS Module Repository Remote SQL Injection (CVE-2007-1847)

An SQL injection vulnerability has been reported in Xoops Repository Module. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

XOOPS articlephp SQL Injection (CVE-2008-2094)

An SQL injection vulnerability has been reported in Xoops Article Module. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

XOOPS Module dictionary SQL Injection (CVE-2009-4582)

An SQL injection vulnerability has been reported in Xoops Dictionary. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

XOOPS Module Jobs Remote SQL Injection (CVE-2007-2370)

An SQL injection vulnerability has been reported in Xoops John Mordo Jobs Module. An attacker could exploit this vulnerability via the cid parameter in a jobsview action. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected...

XOOPS Module Lykos Reviews SQL Injection (CVE-2007-1817)

An SQL injection vulnerability has been reported in Lykoszine Lykos Reviews Module. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

XOOPS Module Glossarie Remote SQL Injection (CVE-2007-2738)

An SQL injection vulnerability has been reported in Xoops Glossaire Module. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

XOOPS Module MyConference SQL Injection (CVE-2007-2737)

An SQL injection vulnerability has been reported in Xoops Myconference Module. An attacker could exploit this vulnerability via the cid parameter. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

XOOPS Module GesGaleri Remote SQL Injection (CVE-2008-5321)

An SQL injection vulnerability has been reported in Xoops Hocasi Gesgaleri. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVE-2012-0984

Multiple cross-site scripting XSS vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the 1 touserid parameter to modules/pm/pmlite.php or the 2 currentfile, 3 imgcatid, or 4 target parameter to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the 1 touserid parameter to modules/pm/pmlite.php or the 2 currentfile, 3 imgcatid, or 4 target parameter to...

CVE-2012-0984

Multiple cross-site scripting XSS vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the 1 touserid parameter to modules/pm/pmlite.php or the 2 currentfile, 3 imgcatid, or 4 target parameter to...

CVE-2012-0984

The CVE-2012-0984 entry affects XOOPS before 2.5.5, with multiple XSS vulnerabilities exploitable via user-controlled inputs in several PHP scripts: to_userid (modules/pm/pmlite.php), current_file, imgcat_id, and target (class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanage...

XOOPS Module Dictionary <= 0.94 Remote SQL Injection Vulnerability

No description provided by source...

XOOPS 'prayerlist' Module - 'cid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27934/info XOOPS 'prayerlist' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker t...

XOOPS Module resmanager <= 1.21 - Blind SQL Injection Exploit

No description provided by source. html head titleXOOPS Module resmanager = 1.21 editday.php BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: XOOPS Module resmanager =...

xoops module tsdisplay4xoops 0.1 - Remote File Inclusion Vulnerability

No description provided by source. tsdisplay4xoops 0.1xoopsurlRemote File Include Vulnerabilitiy D.Script: http://kisskool30.free.fr/tsdisplay4xoopsv0.08.zip Discovered by: GolDM = Mahmoodali Homepage: http://Www.Tryag.Com/cc...

E-Xoops 1.0.5/1.0.8 myalbum/ratephoto.php lid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...

Xoops 2.0.5 .1 MyLinks Myheader.php Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9269/info Xoops is prone to a cross-site scripting vulnerability in the 'myheader.php' script included in the mylinks module. A remote attacker could exploit this issue by embedding hostile HTML and script code in a...

Xoops <= 2.2.3 Search.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20514/info Xoops is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...

XOOPS <= 2.0.11 xmlrpc.php SQL Injection Exploit

No description provided by source. !/usr/bin/perl Xoops = 2.0.11 xmlrpc.php sql injection exploit by RST/GHC based on http://www.gulftech.org/?node=research&articleid=00086-06292005 coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru example: r57xoops.pl -u http://www.xoops2.ru/xmlrpc.php ...