1
pleiku
A lot of Bug for Xoops Modules
  • 2007/4/6 10:43

  • pleiku

  • Just popping in

  • Posts: 2

  • Since: 2003/10/19


Please visit this site:

http://www.milw0rm.com/search.php

You can type keyword: xoops


List bug:

2007-04-05 XOOPS Module Jobs <= 2.4 (cid) Remote SQL Injection Exploit 374 R D ajann
2007-04-05 XOOPS Module WF-Links <= 1.03 (cid) Remote SQL Injection Exploit 424 R D ajann
2007-04-04 XOOPS Module Rha7 Downloads 1.0 (visit.php) SQL Injection Exploit 931 R D ajann
2007-04-04 XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit 705 R D ajann
2007-04-03 XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit 720 R D ajann
2007-04-02 XOOPS Module Zmagazine 1.0 (print.php) Remote SQL Injection Exploit 1003 R D ajann
2007-04-02 XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit 597 R D ajann
2007-04-02 XOOPS Module WF-Section <= 1.01 (articleid) SQL Injection Exploit 571 R D ajann
2007-04-01 XOOPS Module RM+Soft Gallery 1.0 BLIND SQL Injection Exploit 768 R D ajann
2007-04-01 XOOPS Module myAlbum-P <= 2.0 (cid) Remote SQL Injection Exploit 613 R D ajann
2007-04-01 XOOPS Module debaser <= 0.92 (genre.php) BLIND SQL Injection Exploit 480 R D ajann
2007-04-01 XOOPS Module Camportail <= 1.1 (camid) Remote SQL Injection Exploit 447 R D ajann
2007-04-01 XOOPS Module Kshop <= 1.17 (id) Remote SQL Injection Exploit 325 R D ajann
2007-04-01 XOOPS Module Tiny Event <= 1.01 (id) Remote SQL Injection Exploit 227 R D ajann
2007-04-01 XOOPS Module eCal <= 2.24 (display.php) Remote SQL Injection Exploit 271 R D ajann
2007-03-31 XOOPS Module Tutoriais (viewcat.php) Remote SQL Injection Exploit 1515 R D ajann
2007-03-31 XOOPS Module Core (viewcat.php) Remote SQL Injection Exploit 889 R D ajann
2007-03-31 XOOPS Module Library (viewcat.php) Remote SQL Injection Exploit 779 R D ajann
2007-03-31 XOOPS Module Lykos Reviews 1.00 (index.php) SQL Injection Exploit 870 R D ajann
2007-03-30 XOOPS Module Repository (viewcat.php) Remote SQL Injection Exploit 938 R D ajann
2007-03-29 XOOPS Module MyAds Bug Fix <= 2.04jp (index.php) SQL Injection Exploit 828 R D ajann
2007-03-28 XOOPS Module Friendfinder <= 3.3 (view.php id) SQL Injection Exploit 980 R D ajann
2007-03-28 XOOPS module Articles <= 1.03 (index.php cat_id) SQL Injection Exploit 1272 R D ajann
2007-03-27 XOOPS module Articles <= 1.02 (print.php id) SQL Injection Exploit 1411 R D UniquE-Key
2006-06-28 XOOPS myAds Module (lid) Remote SQL Injection Vulnerability 4603 R D KeyCoder
2006-05-21 XOOPS <= 2.0.13.2 xoopsOption[nocommon] Remote Exploit 7207 R D rgod
2005-11-12 XOOPS (wfdownloads) 2.05 Module Multiple Vulnerabilities Exploit 5971 R D rgod
2005-07-04 XOOPS <= 2.0.11 xmlrpc.php SQL Injection Exploit 8218 R M D RusH

2
Anonymous
Re: A lot of Bug for Xoops Modules
  • 2007/4/6 10:49

  • Anonymous

  • Posts: 0

  • Since:


See this thread here which appears on the homepage and so is very current.

3
Anonymous
Re: A lot of Bug for Xoops Modules
  • 2007/4/6 11:02

  • Anonymous

  • Posts: 0

  • Since:


Searching for Joomla gives:

2007-03-27 Joomla Component D4JeZine <= 2.8 Remote BLIND SQL Injection Exploit 1836 R D ajann
2007-03-24 Joomla Component RWCards <= 2.4.3 Remote SQL Injection Exploit 2081 R D ajann
2007-03-24 Joomla Component Car Manager <= 1.1 Remote SQL Injection Exploit 1544 R D ajann
2007-03-23 Joomla Component Joomlaboard 1.1.1 (sbp) RFI Vulnerability 2381 R D Cold Zero
2007-03-23 Joomla/Mambo Component SWmenuFree 4.0 RFI Vulnerability 1984 R D Cold Zero
2006-11-17 MosReporter Joomla Component 0.9.3 Remote File Include Exploit 4000 R D Crackers_Child
2006-08-19 Joomla <=1.0.10 (poll component) Arbitrary Add Votes Exploit 6829 R D trueend5
2006-08-18 Joomla Kochsuite Component <= 0.9.4 Remote File Include Vulnerability 4214 R D camino
2006-08-18 Joomla Link Directory Component <= 1.0.3 Remote Include Vulnerability 5077 R D camino
2006-08-18 Joomla Artlinks Component <= 1.0b4 Remote Include Vulnerability 4633 R D camino
2006-08-17 Joomla Mosets Tree <= 1.0 Remote File Include Vulnerability 3267 R D Crackers_Child
2006-08-17 Joomla com_jim Component <= 1.0.1 Remote File Include Vulnerability 4061 R D xoron
2006-08-13 Joomla Webring Component <= 1.0 Remote Include Vulnerability 5234 R D xoron
2006-08-07 Joomla JD-Wiki Component <= 1.0.2 Remote Include Vulnerability 3371 R D jank0
2006-07-30 Joomla LMO Component <= 1.0b2 Remote Include Vulnerability 4123 R D vitux
2006-07-30 Joomla com_bayesiannaivefilter Component <= 1.1 Inclusion Vulnerability 4511 R D Pablin77
2006-06-17 Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit 15544 R D rgod
2006-04-19 Mambo <= 4.5.3 , Joomla <=1.0.7 (feed) Denial of Service Exploit 7710 R D trueend5

Searching for Drupal gives:

2007-02-15 Drupal < 4.7.6 (post comments) Remote Command Execution Exploit v2 1870 R D str0ke
2007-02-15 Drupal < 5.1 (post comments) Remote Command Execution Exploit v2 2983 R D str0ke
2006-05-24 Drupal <= 4.7 (attachment mod_mime) Remote Exploit 4676 R D rgod
2005-07-05 Drupal <= 4.5.3 & <= 4.6.1 Comments PHP Injection Exploit 6855 R D dab

etc......

Easy, isn't it?

4
davidl2
Re: A lot of Bug for Xoops Modules
  • 2007/4/6 11:10

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Quote:

pleiku wrote:
Please visit this site:

http://www.milw0rm.com/search.php

You can type keyword: xoops


And searching properly will tell you that these modules are mostly ancient versions.

Example: MyAlbum-P version 2 is listed.

This issue was corrected over 3 years ago!

(The author comments on this on his site.. and makes the good point that users who do not update are not being sensible)

Login

Who's Online

295 user(s) are online (191 user(s) are browsing Support Forums)


Members: 0


Guests: 295


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits