7 matches found
CVE-2005-0827
The CVE affects RUNCMS 1.1A, Ciamos 0.9.2 RC1, and e-Xoops 1.05 Rev3, via the Viewcat.php code path where convertorderbytrans is invoked. The underlying issue is that an invalid parameter to convertorderbytrans causes a PHP error message that reveals the filesystem path, enabling remote attackers...
CVE-2005-0828
The CVE-2005-0828 entry affects RunCMS 1.1A, Ciamos 0.9.2 RC1, and e-Xoops 1.05 Rev3 via highlight.php, where the file parameter can disclose arbitrary PHP files (e.g., mainfile.php). This information disclosure has a CVSSv2 base score of 5.0 (PARTIAL confidentiality). Remediation guidance in con...
CVE-2005-1031
CVE-2005-1031 affects RunCMS 1.1A and possibly other products based on e-Xoops (exoops). The vulnerability arises when the setting “Allow custom avatar upload” is enabled and the uploaded files are not properly verified, allowing remote attackers to upload arbitrary files. Connected sources corro...
CVE-2005-0911
CVE-2005-0911 affects the XOOPS platform, with multiple SQL injection vulnerabilities in index.php. Specifically, the viewcat parameter of index.php and the artid parameter in the viewarticle action are vulnerable, allowing remote attackers to execute arbitrary SQL commands. The description indic...
CVE-2008-7036
CVE-2008-7036 involves multiple cross-site scripting (XSS) vulnerabilities in index.php of the DevTracker module. Affected are DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier. The flaws allow remote attackers to inject arbitrary web scr...
CVE-2007-6380
CVE-2007-6380 describes multiple SQL injection vulnerabilities in e-Xoops (exoops) versions 1.08 and 1.05 Rev 1–3. The flaws allow remote attackers to execute arbitrary SQL commands via the parameter lid targeting various scripts under modules/ (mylinks/ratelink.php, adresses/ratefile.php, mydown...
CVE-2005-0910
CVE-2005-0910 refers to multiple XSS vulnerabilities in exoops. The vulnerability allows remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php. Affected software is exoops (specific version details are not...