3 results (0.001 seconds)

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php del módulo DevTracker v3.0 de bcoos v1.1.11 y versiones anteriores, y el módulo DevTracker v0.20 de E-XooPS v1.0.8, permiten a usuarios remotos inyectar codigo de script web o código HTML a través los parámetros (1)direction y (2) order_by. • https://www.exploit-db.com/exploits/31112 http://lostmon.blogspot.com/2008/02/bcoos-and-e-xoops-devtracker-module-two.html http://osvdb.org/44334 http://osvdb.org/44335 http://www.securityfocus.com/bid/27619 https://exchange.xforce.ibmcloud.com/vulnerabilities/40306 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 3%CPEs: 5EXPL: 2

SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. Vulnerabilidad de inyección SQL en el archivo modules/adresses/viewcat.php en bcoos 1.0.13, y posiblemente anteriores, que permite a los usuarios remotos autenticados con permisos del modulo Addresses para ejecutar arbitrariamente comandos SQL a través del parámetro cid. • https://www.exploit-db.com/exploits/7317 http://osvdb.org/50373 http://secunia.com/advisories/32870 http://www.securityfocus.com/bid/32561 https://exchange.xforce.ibmcloud.com/vulnerabilities/46973 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 3

Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. Vulnerabilidad de salto de directorio en highlight.php de bcoos 1.0.9 hasta 1.0.13; permite a atacantes remotos leer ficheros de su elección mediante las secuencias (1) .. (punto punto) o (2) carpeta C: en el parámetro file. • https://www.exploit-db.com/exploits/31806 http://lostmon.blogspot.com/2008/05/bcoos-highlightphp-traversal-file.html http://secunia.com/advisories/30035 http://www.securityfocus.com/bid/29275 https://exchange.xforce.ibmcloud.com/vulnerabilities/42506 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •