CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266.

• https://www.exploit-db.com/exploits/30836
• http://lostmon.blogspot.com/2007/11/bcoops-adressesratefilephp-lid-variable.html
• http://secunia.com/advisories/26945
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 5

SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.

• https://www.exploit-db.com/exploits/4637
• https://www.exploit-db.com/exploits/32536
• http://www.securityfocus.com/bid/26505
• http://www.securityfocus.com/bid/31941
• http://www.securityfocus.com/bid/31941/exploit
• http://www.vupen.com/english/advisories/2007/3962
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38594
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46156
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.

• https://www.exploit-db.com/exploits/4637
• http://www.securityfocus.com/bid/26505
• http://www.vupen.com/english/advisories/2007/3962
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38592
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

SQL injection vulnerability in index.php in the Arcade module in bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://secunia.com/advisories/26945
• http://www.securityfocus.com/bid/25790
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36752
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')