CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 5CVE-2008-7036 – DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-7036
24 Aug 2009 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php del módulo DevTracker v3.0 de bcoos v1.1.11 y versiones anteriores, y el módulo DevTracker v0.20 de E-XooPS v1.0.8, permiten a usu... • https://www.exploit-db.com/exploits/31112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 8CVE-2007-6380 – E-Xoops 1.0.5/1.0.8 - '/adresses/ratefile.php?lid' SQL Injection
https://notcve.org/view.php?id=CVE-2007-6380
15 Dec 2007 — Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5... • https://www.exploit-db.com/exploits/30862 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2005-1031
https://notcve.org/view.php?id=CVE-2005-1031
09 Apr 2005 — RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. • http://marc.info/?l=bugtraq&m=111280711228450&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0827
https://notcve.org/view.php?id=CVE-2005-0827
22 Mar 2005 — Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message. • http://marc.info/?l=bugtraq&m=111117182417422&w=2 •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 3CVE-2005-0828 – RunCMS 1.1 - Database Configuration Information Disclosure
https://notcve.org/view.php?id=CVE-2005-0828
22 Mar 2005 — highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php. • https://www.exploit-db.com/exploits/25237 •