Lucene search
K

63 matches found

exploitpack
exploitpack
added 2007/12/10 12:0 a.m.22 views

E-Xoops 1.0.51.0.8 - mylinksratelink.php?lid SQL Injection

E-Xoops 1.0.51.0.8 - mylinksratelink.php?lid SQL Injection source: https://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...

Exploits0
exploitpack
exploitpack
added 2007/12/10 12:0 a.m.16 views

E-Xoops 1.0.51.0.8 - modulesbannersclick.php?bid SQL Injection

E-Xoops 1.0.51.0.8 - modulesbannersclick.php?bid SQL Injection source: https://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues coul...

8.6AI score
Exploits0
exploitpack
exploitpack
added 2007/12/10 12:0 a.m.21 views

E-Xoops 1.0.51.0.8 - adressesratefile.php?lid SQL Injection

E-Xoops 1.0.51.0.8 - adressesratefile.php?lid SQL Injection source: https://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...

Exploits0
Packet Storm
Packet Storm
added 2007/12/10 12:0 a.m.30 views

exoops-sql.txt

E-xoops multiple variable/scripts SQL injection vendor url: http://www.e-xoops.com Advisore: http://lostmon.blogspot.com/2007/12/ e-xoops-multiple-variablescripts-sql.html vendor notify:NO exploits available: YES E-xoops is content-community management system written in PHP-MySQL. E-xoops contain...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/12/10 12:0 a.m.14 views

E-Xoops 1.0.51.0.8 - modulesarcadeindex.php?gid SQL Injection

E-Xoops 1.0.51.0.8 - modulesarcadeindex.php?gid SQL Injection source: https://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...

Exploits0
seebug.org
seebug.org
added 2007/11/25 12:0 a.m.32 views

RunCMS <= 1.6 Local File Inclusion Vulnerability

No description provided by source. WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: RunCms Multiple Vulnerabilities Vendor: http://www.runcms.org/ Bugs: Local File Inclusion, Modules Authorization Weakness Vulnerable Version: RunCMS 1.6 Halloween, 1.5.x prior versio...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/11/24 12:0 a.m.31 views

RunCMS <= 1.6 Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================ RunCMS Local File Inclusion Remote Code Execution Code Snippet: /include/common.php line131-143 // :: Register Globals Compatibility :: $globalstest = @ini...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/11/21 12:0 a.m.24 views

bcoos 1.0.10 (LFI / SQL Injection) Multiple Remote Vulnerabilities

No description provided by source. WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: Bcoos Multiple Vulnerabilities Vendor: http://www.bcoos.net/ Bugs: Local File Inclusion, Sql Injection Vulnerable Version: bcoos 1.0.10 prior versions also may be affected...

7.1AI score
Exploits0
NVD
NVD
added 2005/05/02 4:0 a.m.14 views

CVE-2005-0827

Viewcat.php in 1 RUNCMS 1.1A, 2 Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message...

5CVSS6.4AI score0.01388EPSS
Exploits0References5
NVD
NVD
added 2005/05/02 4:0 a.m.20 views

CVE-2005-0828

highlight.php in 1 RUNCMS 1.1A, 2 CIAMOS 0.9.2 RC1, 3 e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from...

5CVSS6.7AI score0.09176EPSS
Exploits1References10
CVE
CVE
added 2005/04/09 4:0 a.m.51 views

CVE-2005-1031

CVE-2005-1031 affects RunCMS 1.1A and possibly other products based on e-Xoops (exoops). The vulnerability arises when the setting “Allow custom avatar upload” is enabled and the uploaded files are not properly verified, allowing remote attackers to upload arbitrary files. Connected sources corro...

5CVSS7AI score0.01351EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2005/04/09 4:0 a.m.20 views

CVE-2005-1031

RUNCMS 1.1A, and possibly other products based on e-Xoops exoops, when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files...

7AI score0.01351EPSS
Exploits0References5
securityvulns
securityvulns
added 2005/04/06 12:0 a.m.31 views

runcms/e-xoops 1.1A and below file upload vulnerability

Products: runcms/e-xoops 1.1A http://www.runcms.org Summary: runcms/e-xoops 1.1A and below file upload vulnerability Description =========== runcms/e-xoops is an extensible, OO Object Oriented, easy to use dynamic web content management system written in PHP. runcms/e-xoops is the ideal tool for...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/04/06 12:0 a.m.23 views

RunCMS Remote Arbitrary File Upload

The remote host is running RunCMS / E-Xoops, a content management system written in PHP. According to its banner, the version of this software installed on the remote host may allow a user to upload arbitrary files and potentially run them. This issue arises if avatar uploads are enabled they are...

5CVSS5.7AI score0.01351EPSS
Exploits0References2
securityvulns
securityvulns
added 2005/03/31 12:0 a.m.24 views

Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum &#40;E-XOOPS&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Severity: High Title: Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum E-XOOPS Date: March 28, 2005 Summary...

6.5AI score
Exploits0
Packet Storm
Packet Storm
added 2005/03/28 12:0 a.m.28 views

dcrab-e-xoops.txt

Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Severity: High Title: Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum E-XOOPS Date: March 28, 2005 Summary: There are multiple sql injection, xss...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2005/03/22 5:0 a.m.20 views

CVE-2005-0828

highlight.php in 1 RUNCMS 1.1A, 2 CIAMOS 0.9.2 RC1, 3 e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from...

6.7AI score0.09176EPSS
Exploits1References10
CVE
CVE
added 2005/03/22 5:0 a.m.54 views

CVE-2005-0827

The CVE affects RUNCMS 1.1A, Ciamos 0.9.2 RC1, and e-Xoops 1.05 Rev3, via the Viewcat.php code path where convertorderbytrans is invoked. The underlying issue is that an invalid parameter to convertorderbytrans causes a PHP error message that reveals the filesystem path, enabling remote attackers...

5CVSS6.8AI score0.01388EPSS
Exploits0References5Affected Software3
CVE
CVE
added 2005/03/22 5:0 a.m.54 views

CVE-2005-0828

The CVE-2005-0828 entry affects RunCMS 1.1A, Ciamos 0.9.2 RC1, and e-Xoops 1.05 Rev3 via highlight.php, where the file parameter can disclose arbitrary PHP files (e.g., mainfile.php). This information disclosure has a CVSSv2 base score of 5.0 (PARTIAL confidentiality). Remediation guidance in con...

5CVSS7.1AI score0.09176EPSS
Exploits1References10Affected Software3
Cvelist
Cvelist
added 2005/03/22 5:0 a.m.21 views

CVE-2005-0827

Viewcat.php in 1 RUNCMS 1.1A, 2 Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops exoops, allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message...

6.4AI score0.01388EPSS
Exploits0References5
Rows per page
Query Builder