CVE-2006-3263

SQL injection vulnerability in the Weblinks module weblinks.php in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter...

EUVD-2004-2011

Malware in sbrugna...

EUVD-2006-3260

Malware in sbrugna...

Sql injection bugs in Xoops 2.0.16 + Weblinks module

Hi, These bugs were published in full-disclosure about 2 weeks ago CVE-2007-0377. There is a sql injection bug in Xoops 2.0.16 core and maybe other versions in admin section: The 'id' parameter in "get" function is not checked against sql injections : File kernel/group.php, Line 94 : :: function...

CVE-2007-0377

Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter in kernel/group.php in core, 2 the lid parameter in class/tablebroken.php in the Weblinks module, and other unspecified vectors...

CVE-2007-0377

Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter in kernel/group.php in core, 2 the lid parameter in class/tablebroken.php in the Weblinks module, and other unspecified vectors...

CVE-2006-3262

SQL injection vulnerability in the Weblinks module weblinks.php in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter...

CVE-2006-3263

SQL injection vulnerability in the Weblinks module weblinks.php in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter...

CVE-2006-3262

The CVE-2006-3262 entry describes an SQL injection in the Weblinks module (weblinks.php) of Mambo 4.6rc1 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the title parameter. Affected: Mambo 4.6rc1 and earlier (Weblinks component). Root cause: lack of i...

CVE-2006-3262

SQL injection vulnerability in the Weblinks module weblinks.php in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter...

CVE-2006-3263

The CVE-2006-3263 issue is a SQL injection in the Weblinks module (weblinks.php) of Mambo 4.6rc1 and earlier. The root cause is unsanitized input through the catid parameter, enabling remote attackers to execute arbitrary SQL commands. Affected product: Mambo Weblinks component; affected version ...

XOOPS viewtopic.php Cross Site Scripting Vulnerability

The remote web server contains a PHP script that is prone to cross- site scripting attacks. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

CVE-2004-2019

The CVE-2004-2019 entry concerns the WebLinks module of Php-Nuke 6.x–7.3. The vulnerability arises from an invalid show parameter in the WebLinks module, which allows remote attackers to obtain sensitive information by triggering a PHP error that reveals the full filesystem path. Affected softwar...

PHP-Nuke 7.4 WebLinks SQL-Injection

Version: 7.4 Module: WebLinks function: TopRated //...... function TopRated$ratenum, $ratetype //........ if $ratenum != "" && $ratetype != "" $toplinks = $ratenum; //........... $result = $db-sqlquery"SELECT lid, cid, sid, title, description, date, hits, linkratingsummary, totalvotes,...

CVE-2004-2019

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message...

[Full-Disclosure] XSS vulnerability in XOOPS 2.0.5.1

==================================================================== Advisory by Eye On Security Research Group - India www.eos-india.net ==================================================================== 1...............................................................Product...