Shodan
Vulnerabilities
Vulnerable Software
Phpoutsourcing:  Security Vulnerabilities
CVE-2006-0881
Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php.
CVSS Score
7.5
EPSS Score
0.071
Published
2006-02-24
CVE-2006-0882
Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php.
CVSS Score
5.0
EPSS Score
0.05
Published
2006-02-24
CVE-2005-4619
SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method.
CVSS Score
7.5
EPSS Score
0.003
Published
2005-12-31
CVE-2005-2979
SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-09-20
CVE-2005-2980
Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2005-09-20
CVE-2005-2651
gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter.
CVSS Score
7.5
EPSS Score
0.117
Published
2005-08-23
CVE-2005-2652
Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-08-23
CVE-2005-0676
index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability.
CVSS Score
7.5
EPSS Score
0.008
Published
2005-05-04
CVE-2005-0675
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-05-02
CVE-2005-0677
index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-05-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved