Shodan
Vulnerabilities
Vulnerable Software
Xoops:  Security Vulnerabilities
CVE-2008-7178
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php.
CVSS Score
7.5
EPSS Score
0.008
Published
2009-09-08
CVE-2009-2783
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
CVSS Score
4.3
EPSS Score
0.073
Published
2009-08-17
CVE-2008-6884
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.
CVSS Score
6.8
EPSS Score
0.057
Published
2009-07-31
CVE-2008-6885
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message.
CVSS Score
4.3
EPSS Score
0.005
Published
2009-07-31
CVE-2009-2162
Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.005
Published
2009-06-22
CVE-2009-0805
Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php.
CVSS Score
4.3
EPSS Score
0.005
Published
2009-03-04
CVE-2008-5768
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-12-30
CVE-2008-5665
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-12-19
CVE-2008-5321
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-12-03
CVE-2008-4653
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.002
Published
2008-10-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved