1341 matches found
Xoops 1.3.x/2.0 MyTextSanitizer HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7434/info An HTML injection vulnerability has been discovered in Xoops. The problem occurs due to insufficient filtering of HTML and script code by the MyTextSanitizer script. Successful exploitation of this vulnerability...
E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
XOOPS Recette 2.2 - 'detail.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28859/info XOOPS Recette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
RunCMS 1.1 Database Configuration Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12848/info RunCMS is reportedly affected by an information disclosure vulnerability. This issue is due to a failure in the application to secure sensitive information. Exploitation of this vulnerability could lead to the...
Content Module 0.5 for XOOPS 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37155/info The Content module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacke...
XOOPS <= 2.3.3 - Remote File Disclosure Vulnerability (.htaccess)
No description provided by source. XOOPS <= 2.3.3 Remote Arbitrary File Retrieval. Affected Software: XOOPS <= 2.3.3. Author: Luca daath De Fulgentis -...
XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit
No description provided by source. XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit. Script Name: XOOPS Module XFsection <= 1.07...
XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
No description provided by source. XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit. Script Name: XOOPS Module PopnupBlog <= 2.52...
XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit
No description provided by source. XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit. Script Name: XOOPS Module WF-Snippets <= 1.02 (c)...
XOOPS 2.0.14 (article.php) SQL Injection Vulnerability
No description provided by source. XOOPS 2.0.14 article.php SQL Injection Vulnerability Discovered By 0iZy5...
XOOPS 2.5.4 - Multiple XSS Vulnerabilities
No description provided by source...
XOOPS 'events' Module - 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27890/info The XOOPS 'events' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker t...
XOOPS 'seminars' Module - 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27891/info The XOOPS 'seminars' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker...
XOOPS 'badliege' Module - 'id' Parameter SQL Injection Vulnerability
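1. Vulnerability information: The XOOPS 'badliege' module is a PHP-based web application. The XOOPS 'badliege' module does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the script does not sufficiently filter the user-submitted 'id' parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic, making it possible to obtain sensitive information or manipulate the database. 2. Test method...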
XOOPS 2.3.3 'op' Parameter Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/35895/info XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browse...
Xoops 1.3.5 Private Message System Font Attributes HTML Injection
No description provided by source. source: http://www.securityfocus.com/bid/6344/info Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes are not sufficiently filtered of malicious HTML code. This makes it possible f...
Xoops 1.3.x/2.0.x Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9166/info Multiple vulnerabilities were reported in Xoops. These issues include SQL injection and input validation issues that will allow remote attackers to manipulate banners and local variables. Exploitation could...
XOOPS Tiny Event 1.01 - 'print' Option SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27931/info Tiny Event is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise th...
SmartMedia Module 0.85 Beta for XOOPS 'categoryid' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37156/info The SmartMedia module for XOOPS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script cod...
Xoops 2.0.17 1 Mylinks Module Brokenlink.PHP SQL injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26392/info Xoops Mylinks module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could permit...