13 matches found
EUVD-2006-0728
Malware in sbrugna...
CVE-2011-4565
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextareapreview.php or (2) img BBCODE tag within the message parameter to pmlite.php aka...
CVE-2008-6885
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message...
CVE-2008-6885
XOOPS CVE-2008-6885 is an XSS in the pmlite.php component affecting XOOPS versions 2.3.1 and 2.3.2a. An attacker can inject arbitrary web script or HTML via a STYLE attribute in a URL BBCode tag in a private message. Root cause: improper handling of STYLE attributes in BBCode within private mes...
XOOPS 2.3.1/2.3.2a Cross Site Scripting
Digital Security Research Group DSecRG Advisory DSECRG-08-041 Application: XOOPS Versions Affected: 2.3.1, 2.3.2a Vendor URL: http://www.xoops.org/ Bug: Stored XSS Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors: Digital...
RUNCMS 1.3a SQL injection
reference: http://www.runcms.org/public/modules/forum/viewtopic.php?topicid=4003&forum=18 http://hamid.ir/security/ ----------------------------------------------- RUNCMS 1.3a SQL injection Runcms Includes most things a webmaster would expect from a cms: downloads, links, tutorials section, polls,...
Sql injection
SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter...
CVE-2006-0721
SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter...
CVE-2006-0721
CVE-2006-0721 affects RunCMS versions 1.2 and 1.3a, with a vulnerability in pmlite.php that allows remote SQL execution via the to_userid parameter. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH), with network attack vector, low complexity, and no authentication required. Impacts are des...
RunCMS 1.21.3 - PMLite.php SQL Injection
RunCMS 1.21.3 - PMLite.php SQL Injection source: https://www.securityfocus.com/bid/16652/info RunCMS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation coul...
[SA18831] RunCMS pmlite.php SQL Injection Vulnerability
TITLE: RunCMS pmlite.php SQL Injection Vulnerability SECUNIA ADVISORY ID: SA18831 VERIFY ADVISORY: http://secunia.com/advisories/18831/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: Runcms 1.x http://secunia.com/product/4808/ DESCRIPTION: Hamid Ebadi has...
CVE-2002-0217
CVE-2002-0217 affects XOOPS 1.0 RC1 — the Private Message System is vulnerable to cross-site scripting via the PM title/field or the image parameter in pmlite.php. The root cause is insufficient input filtering, allowing remote attackers to run Javascript in other users’ browsers. Documented impa...