5 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php del módulo DevTracker v3.0 de bcoos v1.1.11 y versiones anteriores, y el módulo DevTracker v0.20 de E-XooPS v1.0.8, permiten a usuarios remotos inyectar codigo de script web o código HTML a través los parámetros (1)direction y (2) order_by. • https://www.exploit-db.com/exploits/31112 http://lostmon.blogspot.com/2008/02/bcoos-and-e-xoops-devtracker-module-two.html http://osvdb.org/44334 http://osvdb.org/44335 http://www.securityfocus.com/bid/27619 https://exchange.xforce.ibmcloud.com/vulnerabilities/40306 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 3%CPEs: 5EXPL: 2

SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. Vulnerabilidad de inyección SQL en el archivo modules/adresses/viewcat.php en bcoos 1.0.13, y posiblemente anteriores, que permite a los usuarios remotos autenticados con permisos del modulo Addresses para ejecutar arbitrariamente comandos SQL a través del parámetro cid. • https://www.exploit-db.com/exploits/7317 http://osvdb.org/50373 http://secunia.com/advisories/32870 http://www.securityfocus.com/bid/32561 https://exchange.xforce.ibmcloud.com/vulnerabilities/46973 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 3

Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. Vulnerabilidad de salto de directorio en highlight.php de bcoos 1.0.9 hasta 1.0.13; permite a atacantes remotos leer ficheros de su elección mediante las secuencias (1) .. (punto punto) o (2) carpeta C: en el parámetro file. • https://www.exploit-db.com/exploits/31806 http://lostmon.blogspot.com/2008/05/bcoos-highlightphp-traversal-file.html http://secunia.com/advisories/30035 http://www.securityfocus.com/bid/29275 https://exchange.xforce.ibmcloud.com/vulnerabilities/42506 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266. Una vulnerabilidad de inyección SQL en el archivo modules/adresses/ratefile.php en bcoos versiones 1.0.10 y anteriores, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro lid, un vector diferente de CVE-2007-6266. Total Results: 16886 CVE ID GO Start Translation on CVE-2007-6275 Refresh • https://www.exploit-db.com/exploits/30836 http://lostmon.blogspot.com/2007/11/bcoops-adressesratefilephp-lid-variable.html http://secunia.com/advisories/26945 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter. Múltiples vulnerablidades de secuencias de comandos en sitios cruzados (XSS) en el fichero modules/ecal/display.php de Event Calendar, en bcoos 1.0.10, y versiones anteriores. Permite que atacantes remotos inyecten, a su elección, códigos web o HTML usando los parámetros (1) day o (2) year. • http://lostmon.blogspot.com/2007/11/bcoops-sql-injection-and-cross-site.html http://secunia.com/advisories/26945 http://www.securityfocus.com/bid/26629 https://exchange.xforce.ibmcloud.com/vulnerabilities/38734 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •