1341 matches found
XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability Type: XSS Cross Site Scripting CVE References: CVE-2012-098...
XOOPS 2.5.4 - tiny_mcepluginsxoopsimagemanagerxoopsimagebrowser.php Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.5.4 - tinymcepluginsxoopsimagemanagerxoopsimagebrowser.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/53143/info XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An...
XOOPS 2.5.4 - modulespmpmlite.php?to_userid Cross-Site Scripting
XOOPS 2.5.4 - modulespmpmlite.php?touserid Cross-Site Scripting source: https://www.securityfocus.com/bid/53143/info XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...
XOOPS 2.5.4 Cross Site Scripting
Exploit for php platform in category web applications Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability Type: XSS Cross Site...
XOOPS 2.5.4 - '/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53143/info XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
XOOPS 2.5.4 - '/modules/pm/pmlite.php?to_userid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53143/info XOOPS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
XOOPS 2.5.4 Cross Site Scripting
Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability Type: XSS Cross Site Scripting CVE References: CVE-2012-098...
XOOPS 2.3.2 RCE
Remote code execution vulnerability in XOOPS mydirname parameter Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Vulnerabilities in plugins for MODx CMS, XOOPS, uCoz, Magento and DSP CMS
Hello 3APA3A! Besides tens millions of vulnerable web sites with affected flash files and vulnerable multiple plugins for different engines, which I've wrote about earlier, there are a lot of other vulnerable plugins. Here are new ones some of them are vulnerable to two XSS holes. There are...
Xoops 2.5.4 blind and fix-vulnerability warning-the black bar safety net
------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Download address: Author: blkhtc0rp www.badguest.cn blkhtc0rpatyahoodotcom Test platform: Freebsd 8 and Debian Squeeze Comment: In order to be successful an attacker must have...
Xoops 2.5.4 Blind SQL Injection Vulnerability
No description provided by source. Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian Squeeze Note: In order to be successful an attacker must have permission to access the...
Xoops 2.5.4 Blind SQL Injection
Exploit for php platform in category web applications ------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail:...
Xoops 2.5.4 Blind SQL Injection
------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian...
Xoops 2.5.4 - Blind SQL Injection
Xoops 2.5.4 - Blind SQL Injection ------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom...
Xoops 2.5.4 - Blind SQL Injection
------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian...
Multiple XSS vulnerabilities in XOOPS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in XOOPS, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Multiple Cross-Site Scripting XSS in XOOPS: CVE-2012-0984 1.1 Input passed via the "touserid" POST parameter to /modules/pm/pmlite.php ...
XOOPS 'text' and 'message' Parameter Cross-Site Scripting Vulnerabilities
XOOPS is prone to cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xoops:xoops"; ifdescripti...
CVE-2011-4565
Multiple cross-site scripting XSS vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the 1 text parameter to include/formdhtmltextareapreview.php or 2 img BBCODE tag within the message parameter to pmlite.php aka...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the 1 text parameter to include/formdhtmltextareapreview.php or 2 img BBCODE tag within the message parameter to pmlite.php aka...
CVE-2011-4565
Multiple cross-site scripting XSS vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the 1 text parameter to include/formdhtmltextareapreview.php or 2 img BBCODE tag within the message parameter to pmlite.php aka...