Lucene search
K
E-xoopsE-xoops

7 matches found

CVE
CVE
added 2005/03/22 5:0 a.m.54 views

CVE-2005-0827

The CVE affects RUNCMS 1.1A, Ciamos 0.9.2 RC1, and e-Xoops 1.05 Rev3, via the Viewcat.php code path where convertorderbytrans is invoked. The underlying issue is that an invalid parameter to convertorderbytrans causes a PHP error message that reveals the filesystem path, enabling remote attackers...

5CVSS6.8AI score0.01388EPSS
CVE
CVE
added 2005/03/22 5:0 a.m.53 views

CVE-2005-0828

The CVE-2005-0828 entry affects RunCMS 1.1A, Ciamos 0.9.2 RC1, and e-Xoops 1.05 Rev3 via highlight.php, where the file parameter can disclose arbitrary PHP files (e.g., mainfile.php). This information disclosure has a CVSSv2 base score of 5.0 (PARTIAL confidentiality). Remediation guidance in con...

5CVSS7.1AI score0.09176EPSS
CVE
CVE
added 2005/04/09 4:0 a.m.51 views

CVE-2005-1031

CVE-2005-1031 affects RunCMS 1.1A and possibly other products based on e-Xoops (exoops). The vulnerability arises when the setting “Allow custom avatar upload” is enabled and the uploaded files are not properly verified, allowing remote attackers to upload arbitrary files. Connected sources corro...

5CVSS7AI score0.01351EPSS
CVE
CVE
added 2005/03/29 5:0 a.m.49 views

CVE-2005-0911

CVE-2005-0911 affects the XOOPS platform, with multiple SQL injection vulnerabilities in index.php. Specifically, the viewcat parameter of index.php and the artid parameter in the viewarticle action are vulnerable, allowing remote attackers to execute arbitrary SQL commands. The description indic...

7.5CVSS8.9AI score0.01124EPSS
CVE
CVE
added 2009/08/24 10:0 a.m.46 views

CVE-2008-7036

CVE-2008-7036 involves multiple cross-site scripting (XSS) vulnerabilities in index.php of the DevTracker module. Affected are DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier. The flaws allow remote attackers to inject arbitrary web scr...

4.3CVSS5.9AI score0.01497EPSS
CVE
CVE
added 2007/12/15 1:0 a.m.45 views

CVE-2007-6380

CVE-2007-6380 describes multiple SQL injection vulnerabilities in e-Xoops (exoops) versions 1.08 and 1.05 Rev 1–3. The flaws allow remote attackers to execute arbitrary SQL commands via the parameter lid targeting various scripts under modules/ (mylinks/ratelink.php, adresses/ratefile.php, mydown...

7.5CVSS8.2AI score0.00915EPSS
Web
CVE
CVE
added 2005/03/29 5:0 a.m.43 views

CVE-2005-0910

CVE-2005-0910 refers to multiple XSS vulnerabilities in exoops. The vulnerability allows remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php. Affected software is exoops (specific version details are not...

4.3CVSS6AI score0.00998EPSS