CVE-2014-3935

The CVE-2014-3935 entry covers an SQL injection in the Glossaire module (XOOPS) specifically in glossaire-aff.php, exploitable via the lettre parameter. The vulnerability affects Glossaire module 1.0 and allows remote execution of arbitrary SQL commands, with the issue classed as high severity (C...

XOOPS Glossaire Module 'glossaire-aff.php' SQL Injection Vulnerability

XOOPS module Glossaire is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

XOOPS Glossaire 1.0 SQL Injection Vulnerability

XOOPS module Glossaire version 1.0 suffers from a remote SQL injection vulnerability. Xoops Module Glossaire v1.0 - Sql Injection Vulnerabilty =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected , email protected .:. Home...

XOOPS Glossaire Module - modulesglossaireglossaire-aff.php SQL Injection

XOOPS Glossaire Module - modulesglossaireglossaire-aff.php SQL Injection source: https://www.securityfocus.com/bid/67460/info Glossaire module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An...

XOOPS Glossaire 1.0 SQL Injection

Xoops Module Glossaire v1.0 - Sql Injection Vulnerabilty =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.xoops.org/ .:. Dork :...

XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection

source: https://www.securityfocus.com/bid/67460/info Glossaire module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can leverage this issue to compromise the application, access or...

CVE-2014-1968

Cross-site scripting XSS vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-1968

Cross-site scripting XSS vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-1968

CVE-2014-1968 affects XooNIps module for XOOPS (versions 3.47 and earlier). The vulnerability is a cross-site scripting (XSS) issue caused by improper handling of output character strings, enabling remote attackers to inject arbitrary script/HTML via unspecified vectors. Impact is an arbitrary sc...

JVN#87797318: XooNIps vulnerable to cross-site scripting

XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed...

Xoops 2.5.6 Cross Site Scripting

Xoops 2.5.6 Multiple XSS vulnerabilities ------------------------------------------------------------ == Description == - Software link: http://xoops.org/ - Affected versions: version 2.5.6last version is vulnerable. Other versions might be affected as well. - Vulnerability discovered by: Mehdi...

XOOPS 2.5.6 CSRF Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

Xoops 2.3.2 Remote Code Execution

!/usr/bin/env python Title: Xoops 2.3.2 "mydirname" Remote Code Execution Exploit CVE: ????-???? Reference: http://secunia.com/advisories/33435/ Author: infodox Site: http://insecurety.net/ Twitter: @infodox Old news, just practicin' my python :3 import requests import sys vulnurl =...

Xoops Extgallery 1.0.8 Shell Upload / File Download

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

Xoops Module (extgallery-v1.0.8) Multiple Vulnerabilities

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

XOOPS Cube PROJECT FileManager - 'xupload.php' Arbitrary File Upload

source: https://www.securityfocus.com/bid/53945/info FileManager is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the...

Multiple XSS vulnerabilities in XOOPS

Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability Type: XSS Cross Site Scripting CVE References: CVE-2012-098...

XOOPS 2.5.4 Multiple XSS Vulnerabilities

No description provided by source. Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability Type: XSS Cross Site...

XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities

XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability...