Vulnerabilities > Xoops
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-28 | CVE-2008-1065 | SQL Injection vulnerability in Xoops XM Memberstats 2.0E Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. | 7.5 |
2008-02-28 | CVE-2008-1064 | Cross-Site Scripting vulnerability in Xoops Rmsoft Gallery System 2.0 Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2008-02-28 | CVE-2008-1063 | Cross-Site Scripting vulnerability in Xoops Xm-Memberstats 2.0 Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. | 4.3 |
2008-02-25 | CVE-2008-0937 | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | 6.8 |
2008-02-25 | CVE-2008-0936 | SQL Injection vulnerability in Xoops Prayer List Module 1.04 SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | 7.5 |
2008-02-21 | CVE-2008-0874 | SQL Injection vulnerability in Xoops Eempregos Module SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | 7.5 |
2008-02-21 | CVE-2008-0847 | SQL Injection vulnerability in Xoops Mytopics SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | 7.5 |
2008-02-06 | CVE-2008-0613 | Link Following vulnerability in Xoops 2.0.18 Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. | 5.0 |
2008-02-06 | CVE-2008-0612 | Path Traversal vulnerability in Xoops 2.0.18 Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-02-06 | CVE-2008-0611 | SQL Injection vulnerability in multiple products SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |