16 matches found
EUVD-2002-2369
Malware in sbrugna...
EUVD-2002-2364
Malware in sbrugna...
EUVD-2006-5794
Malware in sbrugna...
CVE-2002-2391
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter...
xhresim-sql.txt
XOOPS 1.0 RC 3.0.4 Module myAlbum - Remote SQL Injection www.xoops.org ---------------------------------------------------------- Bug founded by d3v1l Date: 20.09.2007 [email protected] ----------------------------------------------------------- Greetz tO:- Security-Shell Members...
CVE-2002-2386
Cross-site scripting XSS vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag...
CVE-2002-2391
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter...
CVE-2002-2391
The CVE-2002-2391 entry describes a SQL injection in WebChat 1.5 (included with XOOPS 1.0) via the roomid parameter in index.php, enabling remote arbitrary SQL commands. The connected documents provide concrete details (affected software and vulnerable parameter) but do not include exploitation s...
CVE-2002-2386
CVE-2002-2386 describes a cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0. The issue occurs when online question development allows a javascript: URL in the SRC attribute of an IMG tag, enabling remote attackers to inject arbitrary script/HTML. The provided documents id...
CVE-2006-5810
Affected software : XOOPS 1.0, module wfdownloads, endpoint /modules/wfdownloads/newlist.php. Vulnerability : Cross-site scripting (XSS) via the parameter newdownloadshowdays . The root cause is manipulation of user-supplied input in the vulnerable script, allowing injection of arbitrary web scri...
CVE-2002-1802
XSS vulnerability CVE-2002-1802 affects XOOPS 1.0 RC3. The flaw allows remote attackers to inject arbitrary script/HTML via Javascript in an IMG tag when submitting news, due to insufficient input sanitization in the news submission workflow. Impact is Cross‑Site Scripting; no exploit vectors or ...
CVE-2002-2386
Cross-site scripting XSS vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag...
CVE-2002-2391
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter...
CVE-2002-0216
userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter...
CVE-2002-0217
CVE-2002-0217 affects XOOPS 1.0 RC1 — the Private Message System is vulnerable to cross-site scripting via the PM title/field or the image parameter in pmlite.php. The root cause is insufficient input filtering, allowing remote attackers to run Javascript in other users’ browsers. Documented impa...
CVE-2002-0216
CVE-2002-0216 affects XOOPS 1.0 RC1: the userinfo.php script is vulnerable to SQL injection via the uid parameter, allowing remote attackers to retrieve sensitive data. The vulnerability stems from improper handling of user input in SQL clauses (example: uid value causing a syntax error revealing...