Page 7 of 34 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2005-2692

https://notcve.org/view.php?id=CVE-2005-2692

Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. • http://secunia.com/advisories/16514 http://www.gulftech.org/?node=research&article_id=00094-08192005 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2005-1031

https://notcve.org/view.php?id=CVE-2005-1031

RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. • http://marc.info/?l=bugtraq&m=111280711228450&w=2 http://secunia.com/advisories/14869 http://www.runcms.org/public/modules/news http://www.securityfocus.com/bid/13027 https://exchange.xforce.ibmcloud.com/vulnerabilities/20001 •

CVSS: 5.0EPSS: 6%CPEs: 3EXPL: 3

CVE-2005-0828 – RunCMS 1.1 - Database Configuration Information Disclosure

https://notcve.org/view.php?id=CVE-2005-0828

highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php. • https://www.exploit-db.com/exploits/25237 http://marc.info/?l=bugtraq&m=111117241923006&w=2 http://marc.info/?l=bugtraq&m=111125645312693&w=2 http://secunia.com/advisories/14641 http://secunia.com/advisories/14648 http://securitytracker.com/id?1013485 http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf http://www.osvdb.org/14890 http://www.securityfocus.com/bid/12848 https:/ •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2005-0827

https://notcve.org/view.php?id=CVE-2005-0827

Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message. • http://marc.info/?l=bugtraq&m=111117182417422&w=2 http://marc.info/?l=bugtraq&m=111125588920928&w=2 http://secunia.com/advisories/14641 http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/19755 •