XOOPS Module Uploader 1.1 - 'Filename' File Disclosure

MMM MMM MMM MMM MMMMMMMMMMMMM MMMMMMMMM MMMMMMMMMM MMMMMMMMM MMMMMMMMM MMMMMMMMM MMMMMMMMM MM MMM MMM MM MMM MMM MMM MMM MMM MMM MMM MMM MMM MM MMM MMM MMMMMMM MMMMMMMM MMM MMM MMM MMM MMM MMM MMM MMM MM MMM MMM MMMMMMM MMMMMMMM MMM MMMMM MMMMMMMMMM MMMMMMMMMM MMM MMM MM MMM MMM MM MMM MMM MMMN M...

Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules

Overview Mutiple Bluemoon Inc. XOOPS modules are vulnerable to cross-site scripting. Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Yosuke Yamada and Hirohisa Yamaguchi of NetAgent Co., Ltd. reported this vulnerabilit...

XOOPS cross-site scripting vulnerability

Overview XOOPS is an open source web content management system implemented in PHP. XOOPS itself and its forum modules have multiple vulnerabilities in validating private messages and forum articles. Impact A remote attacker may upload a script to be executed by a user reading a private message or...

Sql injection

SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-2094

SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-2094

CVE-2008-2094 : The provided documents describe a SQL injection vulnerability in the XOOPS Article Module, specifically in article.php via the id parameter. The vulnerability allows a remote attacker to execute arbitrary SQL commands through user-supplied input, thereby potentially exposing or al...

CVE-2008-2094

SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in the Bluemoon, Inc. 1 BackPack 0.91 and earlier, 2 BmSurvey 0.84 and earlier, 3 newbbfileup 1.83 and earlier, 4 Newsembed newsfileup 1.44 and earlier, and 5 PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote...

CVE-2008-2035

Cross-site scripting XSS vulnerability in the Bluemoon, Inc. 1 BackPack 0.91 and earlier, 2 BmSurvey 0.84 and earlier, 3 newbbfileup 1.83 and earlier, 4 Newsembed newsfileup 1.44 and earlier, and 5 PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote...

CVE-2008-2035

Cross-site scripting XSS vulnerability in the Bluemoon, Inc. 1 BackPack 0.91 and earlier, 2 BmSurvey 0.84 and earlier, 3 newbbfileup 1.83 and earlier, 4 Newsembed newsfileup 1.44 and earlier, and 5 PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote...

CVE-2008-2035

CVE-2008-2035 is a cross-site scripting (XSS) vulnerability affecting Bluemoon Inc. XOOPS modules: Backpack 0.91 and earlier, BmSurvey 0.84 and earlier, newbb_fileup 1.83 and earlier, News_embed (news_fileup) 1.44 and earlier, and PopnupBlog 3.19 and earlier, used with XOOPS 2.0.x, XOOPS Cube 2.1...

JVN#31351020 Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules

Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Update the product to the latest version according to the information...

XOOPS Article Module article.php id Parameter SQL Injection

The remote host is running the Articles module, a third-party module for XOOPS. The version of this module installed on the remote host fails to properly sanitize user-supplied input to the 'id' parameter of the 'modules/articles/article.php' script before using it to build a database query...

Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it

/Cr@zyKing / http://coderx.org Xoops All Version -Articles- Article.PHP ID Blind SQL Injection ExpL0it Sql 1-2 article.php?id=3+union+select+1,2,3,4,5,6,AESDECRYPTAESENCRYPTUSER,0x71,0x71,8,9,0,1,2,3,4,5,6,7,8,9,0/...

xoopsrecipe-sql.txt

XOOPS Project-RecetteRecipe2.2 SQL Injection Vulnerability AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAÝL : [email protected] DORK 1 : allinurl :"modules/recipe" EXPLOIT : modules/recipe/detail.php?id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2...

XOOPS Module Recipe (detail.php id) SQL Injection Vulnerability

No description provided by source. XOOPS Project-RecetteRecipe2.2 SQL Injection Vulnerability AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MA脻L : [email protected] DORK 1 : allinurl :"modules/recipe" EXPLOIT :...

XOOPS 2.0.14 Article Module - article.php SQL Injection

XOOPS 2.0.14 Article Module - article.php SQL Injection source: https://www.securityfocus.com/bid/28879/info XOOPS Article module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...

xoopsall-sql.txt

/Cr@zyKing / http://coderx.org Xoops All Version -Articles- Article.PHP ID Blind SQL Injection ExpL0it Sql 1-2 article.php?id=3+union+select+1,2,3,4,5,6,AESDECRYPTAESENCRYPTUSER,0x71,0x71,8,9,0,1,2,3,4,5,6,7,8,9,0/...

XOOPS 2.0.14 Article Module - 'article.php' SQL Injection

source: https://www.securityfocus.com/bid/28879/info XOOPS Article module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...

XOOPS Module Recipe (detail.php id) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w Xoops All Version -Recipe- Detail.PHP ID Blind SQL Injection Exploit And PoC 0-day Type : SQL Injection Release Date : 2008-04-20 Product / Vendor : www.budgiemania.com Bug : http://localhost/script/modules/recipe/detail.php?id=Sql PoC :...