Bcoos

Bcoos

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-7036

Exploit
  • EPSS 0.26%
  • Published 24.08.2009 10:30:01
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1...

4.6

CVE-2008-6381

Exploit
  • EPSS 0.12%
  • Published 02.03.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.

5

CVE-2008-2350

Exploit
  • EPSS 4.27%
  • Published 20.05.2008 17:20:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.

7.5

CVE-2007-6266

Exploit
  • EPSS 0.36%
  • Published 07.12.2007 11:46:00
  • Last modified 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/rate...

4.3

CVE-2007-6274

Exploit
  • EPSS 0.29%
  • Published 07.12.2007 11:46:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.

7.5

CVE-2007-6275

Exploit
  • EPSS 0.3%
  • Published 07.12.2007 11:46:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266.

6.8

CVE-2007-6079

Exploit
  • EPSS 2.08%
  • Published 21.11.2007 22:46:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this c...

7.5

CVE-2007-6080

Exploit
  • EPSS 1.81%
  • Published 21.11.2007 22:46:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.

7.5

CVE-2007-5104

  • EPSS 0.41%
  • Published 26.09.2007 22:17:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in the Arcade module in bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: the provenance of this information is unknown; the details are...