CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1341 matches found

securityvulns•added 2008/12/10 12:0 a.m.•58 views

[DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x

Digital Security Research Group DSecRG Advisory DSECRG-08-041 Application: XOOPS Versions Affected: 2.3.1, 2.3.2a Vendor URL: http://www.xoops.org/ Bug: Stored XSS Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors: Digital...

6AI score

Exploits0

securityvulns•added 2008/12/10 12:0 a.m.•53 views

[DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x

Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors:...

6.9AI score

Exploits0

Packet Storm•added 2008/12/09 12:0 a.m.•36 views

XOOPS 2.3.1/2.3.2a Cross Site Scripting

7.4AI score

Exploits0

seebug.org•added 2008/12/09 12:0 a.m.•30 views

XOOPS 2.3.1 Multiple Local File Inclusion Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Publ...

7.1AI score

Exploits0

Packet Storm•added 2008/12/09 12:0 a.m.•39 views

XOOPS 2.3.1 Local File Inclusions

7.4AI score

Exploits0

0day.today•added 2008/12/08 12:0 a.m.•37 views

XOOPS 2.3.1 Multiple Local File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ========================================================= XOOPS 2.3.1 Multiple Local File Inclusion Vulnerabilities ========================================================= Digital Security Research Group DSecRG Advisory DSECRG-08-040...

7.1AI score

Exploits0

exploitpack•added 2008/12/08 12:0 a.m.•28 views

XOOPS 2.3.1 - Multiple Local File Inclusions

XOOPS 2.3.1 - Multiple Local File Inclusions Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Da...

7.4AI score

Exploits0

Exploit DB•added 2008/12/08 12:0 a.m.•34 views

XOOPS 2.3.1 - Multiple Local File Inclusions

7.4AI score

Exploits0

Prion•added 2008/12/03 7:30 p.m.•11 views

Sql injection

SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter...

7.5CVSS9AI score0.00967EPSS

Exploits1References4

NVD•added 2008/12/03 7:30 p.m.•13 views

CVE-2008-5321

SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter...

7.5CVSS8.3AI score0.00967EPSS

Exploits1References4

Cvelist•added 2008/12/03 7:0 p.m.•18 views

CVE-2008-5321

SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter...

8.3AI score0.00967EPSS

Exploits1References4

CVE•added 2008/12/03 7:0 p.m.•38 views

CVE-2008-5321

The CVE-2008-5321 entry describes a SQL injection in the GesGaleri module (index.php) for XOOPS, exploitable via an input parameter (the none parameter is cited as the injection point). A remote attacker could execute arbitrary SQL commands according to the description and CVSS metrics (base scor...

7.5CVSS8.3AI score0.00967EPSS

Exploits1References4Affected Software1

seebug.org•added 2008/10/25 12:0 a.m.•32 views

Xoops个人消息系统跨站脚本执行(CSS/XSS)漏洞

BugCVE: CAN-2002-0217 BUGTRAQ: 3978 Xoops是一个用面向对象的PHP写的开源、免费的web程序，它用MySQL作为后台数据库，可以运行于大多数的Unix和Linux系统。Xoops的用户个人消息系统存在跨站脚本执行漏洞，攻击者可能利用此漏洞窃取用户的cookie等信息。。个人消息系统的标题栏没有很好的过滤脚本代码，当用户收到攻击者发来的个人消息，里面包含的恶意脚本代码将被执行，出现跨站脚本执行问题。这个漏洞可以让攻击者窃取用户基于cookie的认证信息等等。 1.0 RC1 如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁：...

7.5CVSS6.6AI score0.01771EPSS

Exploits2

seebug.org•added 2008/10/25 12:0 a.m.•49 views

Xoops远程SQLInjection漏洞

BugCVE: CAN-2002-0216 BUGTRAQ: 3977 Xoops是一个用面向对象的PHP写的开源、免费的web程序，它用MySQL作为后台数据库，可以运行于大多数的Unix和Linux系统。其userinfo.php脚本未能正确处理来自用户输入的SQL子句，攻击者可以利用某些技巧修改最终执行的SQL语句，导致敏感信息泄漏。 userinfo.php脚本没有检查用户输入的子句中是否包含特殊字符，比如提交如下URL请求结尾有个分号 http://xoops-site/userinfo.php?uid=1; 将看到如下错误信息 -snip- MySQL Query Error...

5CVSS7AI score0.013EPSS

Exploits1

NVD•added 2008/10/22 12:11 a.m.•13 views

CVE-2008-4653

SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS8.4AI score0.01003EPSS

Exploits1References5

Prion•added 2008/10/22 12:11 a.m.•9 views

Sql injection

7.5CVSS9AI score0.01003EPSS

Exploits1References5Affected Software1

Cvelist•added 2008/10/21 10:0 p.m.•14 views

CVE-2008-4653

8.4AI score0.01003EPSS

Exploits1References5

CVE•added 2008/10/21 10:0 p.m.•38 views

CVE-2008-4653

The CVE-2008-4653 entry concerns the Makale 0.26 XOOPS module (and possibly other Makale versions). The vulnerability is a SQL injection in makale.php that allows a remote attacker to execute arbitrary SQL commands via the id parameter. The available documents consistently identify the affected c...

7.5CVSS8.4AI score0.01003EPSS

Exploits1References5Affected Software1

Japan Vulnerability Notes•added 2008/10/21 10:25 a.m.•0 views

hisa_cart information disclosure vulnerability

Overview hisacart from Hisanaga Electric Co.Ltd contains an information disclosure vulnerability. hisacart from Hisanaga Electric Co.Ltd is a shopping cart module for XOOPS. hisacart contains a vulnerability allowing the disclosure of users' information. Impact A remote attacker could obtain...

5CVSS6.4AI score0.01442EPSS

Exploits0References6

NVD•added 2008/10/21 1:18 a.m.•8 views

CVE-2008-4635

Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisacart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors...

5CVSS6.2AI score0.01442EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by