Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bcoos bcoos 1.0.10 vulnerabilities and exploits
(subscribe to this query)
465
VMScore
CVE-2008-6381
SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.
Bcoos Bcoos 1.0.11
Bcoos Bcoos 1.0.10
Bcoos Bcoos 1.0.9
Bcoos Bcoos
Bcoos Bcoos 1.0.12
1 EDB exploit
505
VMScore
CVE-2008-2350
Directory traversal vulnerability in highlight.php in bcoos 1.0.9 up to and including 1.0.13 allows remote malicious users to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.
Bcoos Bcoos 1.0.12
Bcoos Bcoos 1.0.13
Bcoos Bcoos 1.0.9
Bcoos Bcoos 1.0.10
Bcoos Bcoos 1.0.11
1 EDB exploit
760
VMScore
CVE-2007-6266
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (...
Bcoos Bcoos 1.0.10
2 EDB exploits
668
VMScore
CVE-2007-5104
SQL injection vulnerability in index.php in the Arcade module in bcoos 1.0.10 allows remote malicious users to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: the provenance of this information is unknown; the details are obtained solely from thi...
Bcoos Bcoos 1.0.10
685
VMScore
CVE-2007-6079
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using ...
Bcoos Bcoos 1.0.10
1 EDB exploit
760
VMScore
CVE-2007-6080
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote malicious users to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
Bcoos Bcoos 1.0.10
2 EDB exploits
435
VMScore
CVE-2008-7036
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and previous versions, and DevTracker module 0.20 for E-XooPS 1.0.8 and previous versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) di...
E-xoops E-xoops
E-xoops E-xoops 1.05
Bcoos Devtracker 0.20
Bcoos Devtracker 3.0
Bcoos Bcoos
Bcoos Bcoos 1.0.11
Bcoos Bcoos 1.0.10
Bcoos Bcoos 1.0.9
Bcoos Bcoos 1.0.12
Bcoos Bcoos 1.0.13
1 EDB exploit
755
VMScore
CVE-2007-6275
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and previous versions allows remote malicious users to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266.
Bcoos Bcoos
1 EDB exploit
383
VMScore
CVE-2007-6365
Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote malicious users to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained s...
Bcoos Event Calendar 1.0.10
383
VMScore
CVE-2007-6274
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) day or (2) year parameter.
Bcoos Bcoos
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started