Vulnerabilities > Xoops

DATE CVE VULNERABILITY TITLE RISK
2008-02-28 CVE-2008-1065 SQL Injection vulnerability in Xoops XM Memberstats 2.0E
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter.
network
low complexity
xoops CWE-89
7.5
2008-02-28 CVE-2008-1064 Cross-Site Scripting vulnerability in Xoops Rmsoft Gallery System 2.0
Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
network
xoops CWE-79
4.3
2008-02-28 CVE-2008-1063 Cross-Site Scripting vulnerability in Xoops Xm-Memberstats 2.0
Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
network
xoops CWE-79
4.3
2008-02-25 CVE-2008-0937 SQL Injection vulnerability in multiple products
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
6.8
2008-02-25 CVE-2008-0936 SQL Injection vulnerability in Xoops Prayer List Module 1.04
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
network
low complexity
xoops CWE-89
7.5
2008-02-21 CVE-2008-0874 SQL Injection vulnerability in Xoops Eempregos Module
SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
network
low complexity
xoops CWE-89
7.5
2008-02-21 CVE-2008-0847 SQL Injection vulnerability in Xoops Mytopics
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
network
low complexity
xoops CWE-89
7.5
2008-02-06 CVE-2008-0613 Link Following vulnerability in Xoops 2.0.18
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
network
low complexity
xoops CWE-59
5.0
2008-02-06 CVE-2008-0612 Path Traversal vulnerability in Xoops 2.0.18
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
xoops CWE-22
7.5
2008-02-06 CVE-2008-0611 SQL Injection vulnerability in multiple products
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
rmsoft xoops CWE-89
7.5