Vulnerabilities > Xoops
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-08 | CVE-2008-7178 | Path Traversal vulnerability in Xoops Uploader 1.1 Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. | 7.5 |
2009-07-31 | CVE-2008-6885 | Cross-Site Scripting vulnerability in Xoops 2.3.1/2.3.2A Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. | 4.3 |
2009-07-31 | CVE-2008-6884 | Path Traversal vulnerability in Xoops 2.3.1 Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-06-22 | CVE-2009-2162 | Cross-Site Scripting vulnerability in Ishii Pukiwikimod Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-03-04 | CVE-2009-0805 | Cross-Site Scripting vulnerability in Mihai Bazon Pical Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php. | 4.3 |
2008-12-30 | CVE-2008-5768 | SQL Injection vulnerability in Sirium AM Events Module 0.22 SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-12-19 | CVE-2008-5665 | SQL Injection vulnerability in Xoops SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter. | 7.5 |
2008-12-03 | CVE-2008-5321 | SQL Injection vulnerability in Xoops Hocasi Gesgaleri NIL SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter. | 7.5 |
2008-10-22 | CVE-2008-4653 | SQL Injection vulnerability in Xoops Makale 0.26 SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-10-21 | CVE-2008-4635 | Information Exposure vulnerability in Hisanaga Electric CO Hisa Cart Unspecified vulnerability in Hisanaga Electric Co, Ltd. | 5.0 |