XOOPS 2.3.3 - .htaccess Remote File Disclosure

XOOPS 2.3.3 - .htaccess Remote File Disclosure ======================================================================== XOOPS = 2.3.3 Remote Arbitrary File Retrieval ======================================================================== Affected Software : XOOPS = 2.3.3 Author : Luca "daath" De...

XOOPS 2.3.3 - '.htaccess' Remote File Disclosure

======================================================================== XOOPS = 2.3.3 Remote Arbitrary File Retrieval ======================================================================== Affected Software : XOOPS = 2.3.3 Author : Luca "daath" De Fulgentis - daathatnibblesecdotorg Advisory...

XOOPS Cube Legacy cross-site scripting vulnerability

Overview XOOPS Cube Legacy from XOOPS Cube Project contains a cross-site scripting vulnerability. XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Lega...

JVN#74747784 XOOPS Cube Legacy cross-site scripting vulnerability

XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Legacy distribution "Hodajuku distribution" and "additional modules" are not affected by this...

E-Xoops 1.08 SQL Injection

Author: Dante90, WaRWolFz Crew Title: 0-Day SQL Injection E-Xoops = 1.08 By Dante90 MSN: [email protected] Web: www.warwolfz.org 0-Day SQL Injection E-Xoops = 1.08 By Dante90 code http://www.victimesite.org/WaRWolFz/modules/mylinks/ratelink.php?lid=-1UNION SELECT CONCATname,CHAR32,58,32,pas...

CVE-2009-0805

Cross-site scripting XSS vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the eventid parameter in index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the eventid parameter in index.php...

CVE-2009-0805

Cross-site scripting XSS vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the eventid parameter in index.php...

CVE-2009-0805

CVE-2009-0805 describes a cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier , a XOOPS calendar module. The flaw allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. Impact is arbitrary script execution in affected users’ browser...

PEAK XOOPS piCal cross-site scripting vulnerability

Overview piCal from PEAK XOOPS contains a cross-site scripting vulnerability. piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability. Masako Oono of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with...

JVN#91591874 PEAK XOOPS piCal cross-site scripting vulnerability

piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...

XOOPS tadbook2 SQL Injection

XOOPS Module: tadbook2 AUTHOR : Stylextra HOME : http://www.zamet.org MAIL : [email protected] DORKS : dork: /modules/tadbook2/openbook.php?booksn= target: scriptpage.com/modules/tadbook2/openbook.php?booksn=sql Code Sql code: -99//union//select//version,2/ live link:...

XOOPS mydirname参数多个PHP代码注入漏洞

BUGTRAQ ID: 33176 Xoops是非常流行的动态web内容管理系统，用面向对象的PHP编写。...

XOOPS Module tadbook2 (open_book.php book_sn) SQL Injection Vuln

Exploit for unknown platform in category web applications ================================================================ XOOPS Module tadbook2 openbook.php booksn SQL Injection Vuln ================================================================ XOOPS Module: tadbook2 AUTHOR : Stylextra DORKS ...

XOOPS Module tadbook2 (open_book.php book_sn) SQL Injection Vuln

No description provided by source. XOOPS Module: tadbook2 AUTHOR : Stylextra HOME : http://www.zamet.org MAIL : [email protected] DORKS : dork: /modules/tadbook2/openbook.php?booksn= target: scriptpage.com/modules/tadbook2/openbook.php?booksn=sql Code Sql code: -99//union//select//version,2/...

XOOPS Module tadbook2 - SQL Injection

XOOPS Module tadbook2 - SQL Injection XOOPS Module: tadbook2 AUTHOR : Stylextra HOME : http://www.zamet.org MAIL : [email protected] DORKS : dork: /modules/tadbook2/openbook.php?booksn= target: scriptpage.com/modules/tadbook2/openbook.php?booksn=sql Code Sql code: -99//union//select//version,...

XOOPS Module tadbook2 - SQL Injection

XOOPS Module: tadbook2 AUTHOR : Stylextra HOME : http://www.zamet.org MAIL : [email protected] DORKS : dork: /modules/tadbook2/openbook.php?booksn= target: scriptpage.com/modules/tadbook2/openbook.php?booksn=sql Code Sql code: -99//union//select//version,2/ live link:...

XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit

No description provided by source. !/usr/bin/php -q ?php / XOOPS 2.3.2 mydirname Remote PHP Code Execution Exploit by athos - stakerathotmaildotit http://xoops.org thanks to s3rg3770 and The:Paradox works with register globals on note: this vuln is a remote php code execution Directory...

XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection

The version of XOOPS installed on the remote host fails to filter user-supplied input to the 'mydirname' parameter of the 'onupdate.php', 'notification.php', and 'oninstall.php' scripts under the application's 'xoopslib/modules/protector' directory before passing it to PHP 'eval' functions...

XOOPS 2.3.2 Code Execution Exploit

!/usr/bin/php -q 3 die"\n$num isn't a valid option\n"; else yeatshell; function yeatshell while 1 echo "yeatphp-shell$: "; $exec = stripslashestrimfgetsSTDIN; if preg...