CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 5CVE-2008-7036 – DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-7036
24 Aug 2009 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php del módulo DevTracker v3.0 de bcoos v1.1.11 y versiones anteriores, y el módulo DevTracker v0.20 de E-XooPS v1.0.8, permiten a usu... • https://www.exploit-db.com/exploits/31112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 2CVE-2008-6381 – bcoos 1.0.13 - 'viewcat.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6381
02 Mar 2009 — SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. Vulnerabilidad de inyección SQL en el archivo modules/adresses/viewcat.php en bcoos 1.0.13, y posiblemente anteriores, que permite a los usuarios remotos autenticados con permisos del modulo Addresses para ejecutar arbitrariamente comandos SQL a través del parámetro cid. • https://www.exploit-db.com/exploits/7317 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 3CVE-2008-2350 – bcoos 1.0.13 - 'file' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-2350
20 May 2008 — Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. Vulnerabilidad de salto de directorio en highlight.php de bcoos 1.0.9 hasta 1.0.13; permite a atacantes remotos leer ficheros de su elección mediante las secuencias (1) .. (punto punto) o (2) carpeta C: en el parámetro file. • https://www.exploit-db.com/exploits/31806 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2007-6266 – bcoos 1.0.10 - 'ratephoto.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-6266
07 Dec 2007 — Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104. Múltiples vulnerabilidades de inyección SQL en bcoos 1.0.10 y versiones anteriores. Permite que atacantes remotos ejecuten comandos SQL de su elección, usando: (1) el parámetro ... • https://www.exploit-db.com/exploits/30823 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6274
https://notcve.org/view.php?id=CVE-2007-6274
07 Dec 2007 — Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter. Múltiples vulnerablidades de secuencias de comandos en sitios cruzados (XSS) en el fichero modules/ecal/display.php de Event Calendar, en bcoos 1.0.10, y versiones anteriores. Permite que atacantes remotos inyecten, a su elección, códigos web o HTML usando los parámetros (1) day o... • http://lostmon.blogspot.com/2007/11/bcoops-sql-injection-and-cross-site.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6275 – bcoos 1.0.10 - 'ratefile.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-6275
07 Dec 2007 — SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266. Una vulnerabilidad de inyección SQL en el archivo modules/adresses/ratefile.php en bcoos versiones 1.0.10 y anteriores, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro lid, un vector diferente de CVE-2007-6266. Total Results: 16886 CVE ID GO Start Translation o... • https://www.exploit-db.com/exploits/30836 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2007-6079 – bcoos 1.0.10 - Local File Inclusion / SQL Injection
https://notcve.org/view.php?id=CVE-2007-6079
21 Nov 2007 — Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file. Vulnerabilidad de salto de directorio en include/common.php de bcoos 1.0.10 permite a atacantes remotos incluir y ejecutar ficheros locale... • https://www.exploit-db.com/exploits/4637 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 5CVE-2007-6080 – bcoos 1.0.10 - Local File Inclusion / SQL Injection
https://notcve.org/view.php?id=CVE-2007-6080
21 Nov 2007 — SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected. Una vulnerabilidad de inyección SQL en el archivo modules/banners/click.php en el módulo banners para bcoos versión 1.0.10, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro bid. NOTA: más tarde se reportó que la versión 1.0.13 también está ... • https://www.exploit-db.com/exploits/4637 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5104
https://notcve.org/view.php?id=CVE-2007-5104
26 Sep 2007 — SQL injection vulnerability in index.php in the Arcade module in bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en index.php en el módulo Arcade en bcoos 1.0.10 permite a atacantes remotos ejecutar comandos SQL a través del parámetro gid en una acción play_game. NOTE: el origen de esta informaci... • http://secunia.com/advisories/26945 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •