1341 matches found
DSECRG-08-009.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-009 Application: XOOPS Versions Affected: XOOPS 2.0.18 Vendor URL: http://www.xoops.org/ Bugs: Local File Include, URL Redirecting phishing Exploits: YES Reported: 28.01.2008 Vendor response: 28.01.2008 Date of Public Advisory: 04.02.2008...
XOOPS 2.0.18 - Local File Inclusion / URL Redirecting
Digital Security Research Group DSecRG Advisory DSECRG-08-009 Application: XOOPS Versions Affected: XOOPS 2.0.18 Vendor URL: http://www.xoops.org/ Bugs: Local File Include, URL Redirecting phishing Exploits: YES Reported: 28.01.2008 Vendor response: 28.01.2008 Date of Public Advisory: 04.02.2008...
Remote file inclusion
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter...
CVE-2007-6675
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules...
Design/Logic Flaw
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules...
CVE-2007-6675
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules...
CVE-2008-0138
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter...
CVE-2007-6675
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules...
CVE-2008-0138
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter...
CVE-2008-0138
Summary: CVE-2008-0138 concerns the XoopsGallery mod_gallery module for XOOPS, specifically the init_basic.php script. When register_globals is disabled, the GALLERY_BASEDIR parameter can be controlled by a remote attacker to cause a remote file inclusion, allowing execution of arbitrary PHP cod...
CVE-2007-6675
CVE-2007-6675 affects XOOPS up to version 2.0.18. The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php does not perform a permissions check, allowing remote attackers to read comments in restricted modules. This description is corroborated by multiple sources (NVD...
XOOPS mod_gallery Zend_Hash_key + Extract RFI Vulnerability
No description provided by source. ---- XOOPS mod_gallery Zend_Hash_key + Extract RFI ... ITDefence.ru Antichat.ru XOOPS mod_gallery Zend_Hash_key + Extract REMOTE FILE INCLUDE Eugene Minaev [email protected] ...
xoopsgal-rfi.txt
---- XOOPS mod_gallery Zend_Hash_key + Extract RFI ... ITDefence.ru Antichat.ru XOOPS mod_gallery Zend_Hash_key + Extract REMOTE FILE INCLUDE Eugene Minaev [email protected] ...
XOOPS mod_gallery Zend_Hash_key + Extract RFI Vulnerability
Exploit for unknown platform in category web applications. XOOPS mod_gallery Zend_Hash_key + Extract RFI Vulnerability ---- XOOPS mod_gallery Zend_Hash_key + Extract RFI ... ITDefence....
XOOPS mod_gallery Zend_Hash_key + Extract - Remote File Inclusion
---- XOOPS mod_gallery Zend_Hash_key + Extract RFI ... ITDefence.ru Antichat.ru XOOPS mod_gallery Zend_Hash_key + Extract REMOTE FILE INCLUDE Eugene Minaev [email protected] ...
XOOPS mod_gallery Zend_Hash_key + Extract - Remote File Inclusion
XOOPS mod_gallery Zend_Hash_key + Extract - Remote File Inclusion ---- XOOPS mod_gallery Zend_Hash_key + Extract RFI ... ITDefence.ru Antichat.ru XOOPS mod_gallery Zend_Hash_key + Extract REMOTE FILE INCLUDE Eugene Minaev [email protected] ...
Sql injection
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e)...
CVE-2007-6380
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e)...
CVE-2007-6380
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e)...
CVE-2007-6380
CVE-2007-6380 describes multiple SQL injection vulnerabilities in e-Xoops (exoops) versions 1.08 and 1.05 Rev 1–3. The flaws allow remote attackers to execute arbitrary SQL commands via the parameter lid targeting various scripts under modules/ (mylinks/ratelink.php, adresses/ratefile.php, mydown...