CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 5CVE-2008-7036 – DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-7036
24 Aug 2009 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php del módulo DevTracker v3.0 de bcoos v1.1.11 y versiones anteriores, y el módulo DevTracker v0.20 de E-XooPS v1.0.8, permiten a usu... • https://www.exploit-db.com/exploits/31112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 2CVE-2008-6381 – bcoos 1.0.13 - 'viewcat.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6381
02 Mar 2009 — SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. Vulnerabilidad de inyección SQL en el archivo modules/adresses/viewcat.php en bcoos 1.0.13, y posiblemente anteriores, que permite a los usuarios remotos autenticados con permisos del modulo Addresses para ejecutar arbitrariamente comandos SQL a través del parámetro cid. • https://www.exploit-db.com/exploits/7317 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 3CVE-2008-2350 – bcoos 1.0.13 - 'file' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-2350
20 May 2008 — Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. Vulnerabilidad de salto de directorio en highlight.php de bcoos 1.0.9 hasta 1.0.13; permite a atacantes remotos leer ficheros de su elección mediante las secuencias (1) .. (punto punto) o (2) carpeta C: en el parámetro file. • https://www.exploit-db.com/exploits/31806 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •