85 matches found
CVE-2008-2350
CVE-2008-2350 (CWE-style directory traversal): Affected software is bcoos, specifically highlight.php versions 1.0.9–1.0.13. The vulnerability arises from an improper handling of the file parameter, enabling directory traversal via ".." sequences or Windows-style C: paths to read arbitrary local...
bcoos-traverse.txt
Bcoos = 1.0.13 highlight.php traversal file access Vendor URL: http://www.bcoos.net Advisory: http://lostmon.blogspot.com/2008/05/bcoos-highlightphp-traversal-file.html Vendor notify:yes Exploit available:yes bcoos is content-community management system written in PHP-MySQL Directory traversal...
bcoos 1.0.13 - file Local File Inclusion
bcoos 1.0.13 - file Local File Inclusion source: https://www.securityfocus.com/bid/29275/info The 'bcoos' program is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings ...
bcoos 1.0.13 - 'file' Local File Inclusion
source: https://www.securityfocus.com/bid/29275/info The 'bcoos' program is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to include local scripts in the context o...
bcooslid-sql.txt
bcoos /mysections/ratefile.php lid variable SQL injection vendor url: http://www.bcoops.net Advisory: http://lostmon.blogspot.com/2008/02/bcoos-mysectionsratefilephp-lid.html vendor notify:NO exploits available: YES bcoos is content-community management system written in PHP-MySQL. bcoops contai...
bcoosexoops-xss.txt
bcoos & E-xoops DevTracker module two variables XSS vendor url: http://www.bcoos.net Vendor url: http://www.e-xoops.com Advisory: http://lostmon.blogspot.com/2008/02/bcoos-and-e-xoops-devtracker-module-two.html vendor notify:yes exploits available: YES bcoos and E-xoops are two content-community...
DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities
DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27619/info DevTracker module for bcoos and E-xoops is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize...
DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27619/info DevTracker module for bcoos and E-xoops is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser o...
CVE-2007-6365
Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-6365
Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-6365
CVE-2007-6365 describes a cross-site scripting (XSS) vulnerability in the Event Calendar component of bcoos 1.0.10, specifically in modules/ecal/display.php, where an attacker can inject arbitrary script or HTML via the month parameter. The affected product is bcoos 1.0.10; the issue is a client-...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter...
Sql injection
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266...
CVE-2007-6266
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a showstats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, differe...
CVE-2007-6274
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter...
CVE-2007-6275
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266...
CVE-2007-6266
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a showstats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, differe...
CVE-2007-6275
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266...
CVE-2007-6275
CVE-2007-6275 affects bcoos 1.0.10 and earlier. The vulnerability is a SQL injection in modules/adresses/ratefile.php that allows remote attackers to execute arbitrary SQL commands via the lid parameter, representing a vector different from CVE-2007-6266. The connected records confirm the affecte...
CVE-2007-6266
CVE-2007-6266 applies to the bcoos CMS (versions 1.0.10 and earlier). The affected components expose multiple SQL injection weaknesses that allow remote attackers to run arbitrary SQL commands. Attack vectors include: (1) gid parameter to modules/arcade/index.php in a show_stats action, (2) lid p...