Filtered by vendor Xoops
Subscriptions
Total
101 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0611 | 2 Rmsoft, Xoops | 2 Gallery System, Xoops | 2025-04-09 | N/A |
| SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3237 | 1 Xoops | 1 Tinycontent Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | ||||
| CVE-2007-3236 | 1 Xoops | 1 Horoscope Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | ||||
| CVE-2007-3220 | 1 Xoops | 1 Cjay Content Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656. | ||||
| CVE-2007-3221 | 1 Xoops | 1 Xt-conteudo Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | ||||
| CVE-2007-3222 | 1 Xoops | 1 Xfsection Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. | ||||
| CVE-2007-2738 | 1 Xoops | 1 Xoops Glossaire Module | 2025-04-09 | N/A |
| SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | ||||
| CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4582 | 1 Xoops | 1 Xoops Dictionary | 2025-04-09 | N/A |
| SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | ||||
| CVE-2008-6884 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/. | ||||
| CVE-2009-3963 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors. | ||||
| CVE-2009-3240 | 2 Ohwada, Xoops | 2 Xf-section, Xoops | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-4635 | 2 Hisanaga Electric Co, Xoops | 2 Hisa Cart, Xoops | 2025-04-09 | N/A |
| Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. | ||||
| CVE-2009-2783 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. | ||||
| CVE-2008-1064 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2008-1065 | 1 Xoops | 1 Xm Memberstats | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2094 | 1 Xoops | 1 Article Module | 2025-04-09 | N/A |
| SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-2035 | 2 Bluemoon, Xoops | 7 Backpack, Bmsurvey, Newbb Fileup and 4 more | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2002-2386 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | ||||