CVE-2011-4565

CVE-2011-4565 concerns XOOPS, affecting version 2.5.1.a (and possibly earlier). It describes two cross-site scripting (XSS) vectors: (1) the text parameter to include/formdhtmltextarea_preview.php and (2) the img BBCode tag within the message parameter to pmlite.php (Private Message). The availab...

XOOPS '.php' Files Information Disclosure Vulnerability

XOOPS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xoops:xoops";...

CVE-2011-3822

XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoopsversion.php and certain other files...

Information disclosure

XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoopsversion.php and certain other files...

CVE-2011-3822

XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoopsversion.php and certain other files...

CVE-2011-3822

CVE-2011-3822 affects XOOPS 2.5.0. The vulnerability is an information disclosure where a direct request to a .php file (e.g., modules/system/xoops_version.php) can reveal the installation path in an error message. The issue is documented across multiple sources (NVD, Red Hat, OpenVAS, etc.) with...

Cross-site Scripting (XSS) Vulnerabilities in XOOPS

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in XOOPS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerabilities in XOOPS: CVE-2011-4565 The vulnerability exists due to input sanitation error in the...

XOOPS Remote Install System Vulnerability

Exploit for php platform in category web applications Exploit Title:XOOPS Remote Install System Vulnerability Date: 6/7/2011 Author: Angel Injection home Page: http://www.club-h.co.cc Email: Angel-Injectionathotmaildotcom Version: v1.2 Category:: webapps Google dork: intitle:"XOOPS Custom...

Xoops v2.5.0 (Tiny_mce) File Upload Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

XOOPS video tube plugin SQL injection-vulnerability warning-the black bar safety net

Publishing author: knife Affected versions: 2.4.4 Official address: www.discuz.net Vulnerability type: SQL injection Plug-in: video tube 1.85 the following test only a 1.85） Vulnerability file: reportvideopopup.php vid variable filter is not strictly produce SQL Injection if isset$GET'vid' $vid =...

XOOPS 'imagemanager.php' Local File Inclusion Vulnerability

XOOPS is prone to local file inclusion vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xoops:xoops"; ifdescription...

XOOPS 2.5.0 Local File Inclusion

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

XOOPS 2.5 - imagemanager.php Local File Inclusion

XOOPS 2.5 - imagemanager.php Local File Inclusion source: https://www.securityfocus.com/bid/47418/info XOOPS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view arbitrary local files within th...

XOOPS 2.5 - 'imagemanager.php' Local File Inclusion

source: https://www.securityfocus.com/bid/47418/info XOOPS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view arbitrary local files within the context of the webserver process. Successfully...

Xoops 2.5.0 (banners.php) LFI Vulnerability

Exploit for php platform in category web applications Title : Xoops 2.5.0 banners.php LFI Vulnerability Author : KedAns-Dz E-mail : email protected Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact : Local File Inclusion Tested on : Window...

XOOPS 2.5.0 Local File Inclusion

Title : Xoops 2.5.0 banners.php LFI Vulnerability Author : KedAns-Dz E-mail : [email protected] Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact : Local File Inclusion Tested on : Windows XP sp3 FR Note : BAC 2011 Enchallah Me & BadR0 &...

XOOPS 2.5 - banners.php Multiple Local File Inclusions

XOOPS 2.5 - banners.php Multiple Local File Inclusions source: https://www.securityfocus.com/bid/47174/info XOOPS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially...

XOOPS 2.5 - 'banners.php' Multiple Local File Inclusions

source: https://www.securityfocus.com/bid/47174/info XOOPS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local...

Xoops module JOBs Multiple Remote Vulnerabilities

Exploit for php platform in category web applications Title : Xoops module JOBs Multiple Remote Vulnerabilities Author : KedAns-Dz E-mail : email protected Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact : XSS / Database backup Tested on...

XOOPS JOBs Cross Site Scripting / Backup Disclosure

Title : Xoops module JOBs Multiple Remote Vulnerabilities Author : KedAns-Dz E-mail : [email protected] Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact : XSS / Database backup Tested on : Windows XP sp3 FR Note : BAC 2011 Enchallah Me &...