63 matches found
E-Xoops 1.0.51.0.8 - mylinksratelink.php?lid SQL Injection
E-Xoops 1.0.51.0.8 - mylinksratelink.php?lid SQL Injection source: https://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
E-Xoops 1.0.51.0.8 - modulesbannersclick.php?bid SQL Injection
E-Xoops 1.0.51.0.8 - modulesbannersclick.php?bid SQL Injection source: https://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues coul...
E-Xoops 1.0.51.0.8 - adressesratefile.php?lid SQL Injection
E-Xoops 1.0.51.0.8 - adressesratefile.php?lid SQL Injection source: https://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
exoops-sql.txt
E-xoops multiple variable/scripts SQL injection vendor url: http://www.e-xoops.com Advisore: http://lostmon.blogspot.com/2007/12/ e-xoops-multiple-variablescripts-sql.html vendor notify:NO exploits available: YES E-xoops is content-community management system written in PHP-MySQL. E-xoops contain...
E-Xoops 1.0.51.0.8 - modulesarcadeindex.php?gid SQL Injection
E-Xoops 1.0.51.0.8 - modulesarcadeindex.php?gid SQL Injection source: https://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
RunCMS <= 1.6 Local File Inclusion Vulnerability
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: RunCms Multiple Vulnerabilities Vendor: http://www.runcms.org/ Bugs: Local File Inclusion, Modules Authorization Weakness Vulnerable Version: RunCMS 1.6 Halloween, 1.5.x prior versio...
RunCMS <= 1.6 Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================ RunCMS Local File Inclusion Remote Code Execution Code Snippet: /include/common.php line131-143 // :: Register Globals Compatibility :: $globalstest = @ini...
bcoos 1.0.10 (LFI / SQL Injection) Multiple Remote Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: Bcoos Multiple Vulnerabilities Vendor: http://www.bcoos.net/ Bugs: Local File Inclusion, Sql Injection Vulnerable Version: bcoos 1.0.10 prior versions also may be affected...
CVE-2005-0827
Viewcat.php in 1 RUNCMS 1.1A, 2 Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message...
CVE-2005-0828
highlight.php in 1 RUNCMS 1.1A, 2 CIAMOS 0.9.2 RC1, 3 e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from...
CVE-2005-1031
CVE-2005-1031 affects RunCMS 1.1A and possibly other products based on e-Xoops (exoops). The vulnerability arises when the setting “Allow custom avatar upload” is enabled and the uploaded files are not properly verified, allowing remote attackers to upload arbitrary files. Connected sources corro...
CVE-2005-1031
RUNCMS 1.1A, and possibly other products based on e-Xoops exoops, when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files...
runcms/e-xoops 1.1A and below file upload vulnerability
Products: runcms/e-xoops 1.1A http://www.runcms.org Summary: runcms/e-xoops 1.1A and below file upload vulnerability Description =========== runcms/e-xoops is an extensible, OO Object Oriented, easy to use dynamic web content management system written in PHP. runcms/e-xoops is the ideal tool for...
RunCMS Remote Arbitrary File Upload
The remote host is running RunCMS / E-Xoops, a content management system written in PHP. According to its banner, the version of this software installed on the remote host may allow a user to upload arbitrary files and potentially run them. This issue arises if avatar uploads are enabled they are...
Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Severity: High Title: Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum E-XOOPS Date: March 28, 2005 Summary...
dcrab-e-xoops.txt
Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Severity: High Title: Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum E-XOOPS Date: March 28, 2005 Summary: There are multiple sql injection, xss...
CVE-2005-0828
highlight.php in 1 RUNCMS 1.1A, 2 CIAMOS 0.9.2 RC1, 3 e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from...
CVE-2005-0827
The CVE affects RUNCMS 1.1A, Ciamos 0.9.2 RC1, and e-Xoops 1.05 Rev3, via the Viewcat.php code path where convertorderbytrans is invoked. The underlying issue is that an invalid parameter to convertorderbytrans causes a PHP error message that reveals the filesystem path, enabling remote attackers...
CVE-2005-0828
The CVE-2005-0828 entry affects RunCMS 1.1A, Ciamos 0.9.2 RC1, and e-Xoops 1.05 Rev3 via highlight.php, where the file parameter can disclose arbitrary PHP files (e.g., mainfile.php). This information disclosure has a CVSSv2 base score of 5.0 (PARTIAL confidentiality). Remediation guidance in con...
CVE-2005-0827
Viewcat.php in 1 RUNCMS 1.1A, 2 Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message...