XOOPS 2.3.2 - mydirname PHP Remote Code Execution

XOOPS 2.3.2 - mydirname PHP Remote Code Execution !/usr/bin/php -q ?php / XOOPS 2.3.2 mydirname Remote PHP Code Execution Exploit by athos - stakerathotmaildotit http://xoops.org thanks to s3rg3770 and The:Paradox works with register globals on note: this vuln is a remote php code execution...

XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit

Exploit for unknown platform in category web applications ========================================================= XOOPS 2.3.2 mydirname Remote PHP Code Execution Exploit ========================================================= !/usr/bin/php -q ?php / XOOPS 2.3.2 mydirname Remote PHP Code...

XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution

!/usr/bin/php -q ?php / XOOPS 2.3.2 mydirname Remote PHP Code Execution Exploit by athos - stakerathotmaildotit http://xoops.org thanks to s3rg3770 and The:Paradox works with register globals on note: this vuln is a remote php code execution Directory xoopslib/modules/protector/...

tadbook2 Module for XOOPS - open_book.php SQL Injection

tadbook2 Module for XOOPS - openbook.php SQL Injection source: https://www.securityfocus.com/bid/33196/info The tadbook2 module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...

tadbook2 Module for XOOPS - 'open_book.php' SQL Injection

source: https://www.securityfocus.com/bid/33196/info The tadbook2 module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...

CVE-2008-5768

SQL injection vulnerability in print.php in the AM Events aka Amevents module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter...

Sql injection

SQL injection vulnerability in print.php in the AM Events aka Amevents module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-5768

The CVE-2008-5768 entry is an actionable SQL injection in the AM Events module (Amevents) for XOOPS version 0.22, exploitable through print.php via the id parameter. The underlying issue is a direct SQL command construction vulnerability that allows remote attackers to execute arbitrary SQL comma...

CVE-2008-5768

SQL injection vulnerability in print.php in the AM Events aka Amevents module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter...

XOOPS xoopsConfig[language] Parameter Local File Inclusion (DSECRG-08-040)

The version of XOOPS installed on the remote host fails to filter user-supplied input to the 'xoopsConfiglanguage' parameter before passing it to a PHP 'includeonce' function in 'xoopslib/modules/protector/main.php'. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated attacker...

CVE-2008-5665

SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter...

Sql injection

SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter...

CVE-2008-5665

SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter...

CVE-2008-5665

CVE-2008-5665: A SQL injection vulnerability exists in the XOOPS xhresim module, specifically in index.php, allowing remote attackers to execute arbitrary SQL commands via the no parameter. The connected documents confirm the affected component (xhresim module, index.php) and the vulnerability cl...

XOOPS Amevents Module SQL Injection

XOOPS Module: Amevents AUTHOR : netRoot HOME : http://www.passw0rd.info MAİL : [email protected] DORKS : dork: /modules/amevents/print.php?id= target: scriptpage.com/modules/amevents/print.php?id=sql Code Sql code: -98//union//select//1,2,3,4,uname,pass,7,8,9,10,11,12,13,14,15,16//from//xoopsuser...

XOOPS Module Amevents (print.php id) SQL Injection Vulnerability

No description provided by source. XOOPS Module: Amevents AUTHOR : netRoot HOME : http://www.passw0rd.info MAÄ°L : [email protected] DORKS : dork: /modules/amevents/print.php?id= target: scriptpage.com/modules/amevents/print.php?id=sql Code Sql code:...

XOOPS Module Amevents - SQL Injection

XOOPS Module Amevents - SQL Injection XOOPS Module: Amevents AUTHOR : netRoot HOME : http://www.passw0rd.info MAÄ°L : [email protected] DORKS : dork: /modules/amevents/print.php?id= target: scriptpage.com/modules/amevents/print.php?id=sql Code Sql code:...

XOOPS Module Amevents (print.php id) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================ XOOPS Module Amevents print.php id SQL Injection Vulnerability ================================================================ XOOPS Module: Amevents AUTHOR : netRoot DORKS ...

XOOPS Module Amevents - SQL Injection

XOOPS Module: Amevents AUTHOR : netRoot HOME : http://www.passw0rd.info MAÄ°L : [email protected] DORKS : dork: /modules/amevents/print.php?id= target: scriptpage.com/modules/amevents/print.php?id=sql Code Sql code:...

[DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x

Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors:...