1341 matches found
CVE-2009-4582
SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter...
XOOPS include/notification_update.php页面SQL注入漏洞
BUGTRAQ ID: 37597 Xoops是非常流行的动态web内容管理系统,用面向对象的PHP编写。 Xoops没有正确地过滤通过第三方模块(如News)向include/notificationupdate.php页面所提交的notlist参数便在SQL查询中使用,远程攻击者可以通过提交恶意请求执行SQL注入攻击。 Xoops 2.x 厂商补丁: Xoops ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.xoops.org/modules/news/print.php?storyid=5178...
XOOPS modules/pm/readpmsg.php页面跨站脚本漏洞
BUGTRAQ ID: 37594 Xoops是非常流行的动态web内容管理系统,用面向对象的PHP编写。 Xoops没有正确地过滤提交给modules/pm/readpmsg.php页面的op参数便返回给了用户,远程攻击者可以通过提交恶意参数请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。成功攻击要求安装了Private Messaging模块。 Xoops 2.x 厂商补丁: Xoops ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
XOOPS 'include/notification_update.php' SQL Injection Vulnerability
XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================================= XOOPS Module dictionary 2.0.18 detail.php SQL Injection Vulnerability ======================================================================= XOOPS Module dictionary...
XOOPS Module dictionary 2.0.18 - detail.php SQL Injection
XOOPS Module dictionary 2.0.18 - detail.php SQL Injection XOOPS Module dictionary 2.0.18 detail.php SQL Injection Vulnerability XOOPS Version: XOOPS 2.0.18 http://www.xoops.org/modules/repository/ AUTHOR : Palyo34 HOME : http://www.1923turk.biz DORK : allinurl: "modules/dictionary/detail.php?id"...
XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '18845' ssvid version = '1.0' author = 'kikay' vulDate = '2009-12-30' createDate ...
XOOPS Dictionary 2.0.18 SQL Injection
XOOPS Module dictionary 2.0.18 detail.php SQL Injection Vulnerability XOOPS Version: XOOPS 2.0.18 http://www.xoops.org/modules/repository/ AUTHOR : Palyo34 HOME : http://www.1923turk.biz DORK : allinurl: "modules/dictionary/detail.php?id" EXPLOIT :...
XOOPS Module dictionary 2.0.18 - 'detail.php' SQL Injection
XOOPS Module dictionary 2.0.18 detail.php SQL Injection Vulnerability XOOPS Version: XOOPS 2.0.18 http://www.xoops.org/modules/repository/ AUTHOR : Palyo34 HOME : http://www.1923turk.biz DORK : allinurl: "modules/dictionary/detail.php?id" EXPLOIT :...
xoops 2.0.14 article.php Sql注入漏洞
No description provided by source...
xoops 1.02 print.php Sql注入漏洞
No description provided by source...
xoops 2.3.2 代码执行漏洞
No description provided by source...
XOOPS Content Module 0.5 SQL Injection Vulnerability
XOOPS is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xoops:xoops"; ifdescriptio...
CVE-2009-4359
Cross-site scripting XSS vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter...
CVE-2009-4360
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter...
Sql injection
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter...
CVE-2009-4359
Cross-site scripting XSS vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter...
CVE-2009-4360
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2009-4359
The CVE refers to a Cross-site Scripting (XSS) vulnerability in folder.php of the SmartMedia 0.85 Beta module for XOOPS, exploitable via the categoryid parameter. The affected component is the SmartMedia 0.85 Beta XOOPS module; root cause is an XSS flaw that allows injecting arbitrary script/HTML...