Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bcoos bcoos 1.0.10 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6381
SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.
Bcoos Bcoos 1.0.11
Bcoos Bcoos 1.0.10
Bcoos Bcoos 1.0.9
Bcoos Bcoos
Bcoos Bcoos 1.0.12
1 EDB exploit
NA
CVE-2008-2350
Directory traversal vulnerability in highlight.php in bcoos 1.0.9 up to and including 1.0.13 allows remote malicious users to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.
Bcoos Bcoos 1.0.12
Bcoos Bcoos 1.0.13
Bcoos Bcoos 1.0.9
Bcoos Bcoos 1.0.10
Bcoos Bcoos 1.0.11
1 EDB exploit
NA
CVE-2007-6079
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using ...
Bcoos Bcoos 1.0.10
1 EDB exploit
NA
CVE-2007-6080
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote malicious users to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
Bcoos Bcoos 1.0.10
2 EDB exploits
NA
CVE-2007-6266
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (...
Bcoos Bcoos 1.0.10
2 EDB exploits
NA
CVE-2007-5104
SQL injection vulnerability in index.php in the Arcade module in bcoos 1.0.10 allows remote malicious users to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: the provenance of this information is unknown; the details are obtained solely from thi...
Bcoos Bcoos 1.0.10
NA
CVE-2008-7036
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and previous versions, and DevTracker module 0.20 for E-XooPS 1.0.8 and previous versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) di...
E-xoops E-xoops
E-xoops E-xoops 1.05
Bcoos Devtracker 0.20
Bcoos Devtracker 3.0
Bcoos Bcoos
Bcoos Bcoos 1.0.11
Bcoos Bcoos 1.0.10
Bcoos Bcoos 1.0.9
Bcoos Bcoos 1.0.12
Bcoos Bcoos 1.0.13
1 EDB exploit
NA
CVE-2007-6275
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and previous versions allows remote malicious users to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266.
Bcoos Bcoos
1 EDB exploit
NA
CVE-2007-6365
Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote malicious users to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained s...
Bcoos Event Calendar 1.0.10
NA
CVE-2007-6274
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) day or (2) year parameter.
Bcoos Bcoos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started