Filtered by vendor Xoops
Subscriptions
Total
101 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4582 | 1 Xoops | 1 Xoops Dictionary | 2025-04-09 | N/A |
| SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6884 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/. | ||||
| CVE-2009-3240 | 2 Ohwada, Xoops | 2 Xf-section, Xoops | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-2783 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. | ||||
| CVE-2009-4360 | 2 Handcoders, Xoops | 2 Content Module, Xoops | 2025-04-09 | N/A |
| SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2007-0377 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors. | ||||
| CVE-2007-3311 | 1 Xoops | 1 Articles Module | 2025-04-09 | N/A |
| SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2025-04-09 | N/A |
| SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | ||||
| CVE-2007-3289 | 1 Xoops | 1 Wiwimod Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | ||||
| CVE-2008-3295 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3296 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5532 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3560 | 1 Xoops | 1 Kshop Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2008-0138 | 1 Xoops | 1 Xoopsgallery Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | ||||
| CVE-2008-4635 | 2 Hisanaga Electric Co, Xoops | 2 Hisa Cart, Xoops | 2025-04-09 | N/A |
| Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. | ||||
| CVE-2008-4653 | 1 Xoops | 2 Makale, Xoops | 2025-04-09 | N/A |
| SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0612 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | ||||
| CVE-2006-5810 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter. | ||||
| CVE-2007-1838 | 1 Xoops | 1 Friendfinder Module | 2025-04-09 | N/A |
| SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||