Filtered by vendor Xoops
Subscriptions
Total
101 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3222 | 1 Xoops | 1 Xfsection Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. | ||||
| CVE-2009-4582 | 1 Xoops | 1 Xoops Dictionary | 2025-04-09 | N/A |
| SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-2738 | 1 Xoops | 1 Xoops Glossaire Module | 2025-04-09 | N/A |
| SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | ||||
| CVE-2008-6885 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message. | ||||
| CVE-2008-0138 | 1 Xoops | 1 Xoopsgallery Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | ||||
| CVE-2008-0613 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. | ||||
| CVE-2008-0847 | 1 Xoops | 1 Mytopics | 2025-04-09 | N/A |
| SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | ||||
| CVE-2008-0874 | 1 Xoops | 1 Eempregos Module | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | ||||
| CVE-2008-1063 | 1 Xoops | 1 Xm-memberstats | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. | ||||
| CVE-2008-1064 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | ||||
| CVE-2009-3963 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have unknown impact and attack vectors. | ||||
| CVE-2007-1976 | 1 Xoops | 1 Xoops Virii Info Module | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack | ||||
| CVE-2008-5321 | 2 Xoops, Xoops Hocasi | 2 Xoops, Gesgaleri | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter. | ||||
| CVE-2008-4635 | 2 Hisanaga Electric Co, Xoops | 2 Hisa Cart, Xoops | 2025-04-09 | N/A |
| Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. | ||||
| CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | ||||
| CVE-2008-5665 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter. | ||||
| CVE-2008-5768 | 2 Sirium, Xoops | 2 Am Events Module, Xoops | 2025-04-09 | N/A |
| SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-2783 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. | ||||
| CVE-2008-3296 | 1 Xoops | 1 Xoops | 2025-04-09 | N/A |
| Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||