1
pleiku
A lot of Bug for Xoops Modules
  • 2007/4/6 10:43

  • pleiku

  • Just popping in

  • Posts: 2

  • Since: 2003/10/19


Please visit this site:

http://www.milw0rm.com/search.php

You can type keyword: xoops


Bug list:

2007-04-05 XOOPS Module Jobs <= 2.4 (cid) Remote SQL Injection Exploit 374 R D ajann
2007-04-05 XOOPS Module WF-Links <= 1.03 (cid) Remote SQL Injection Exploit 424 R D ajann
2007-04-04 XOOPS Module Rha7 Downloads 1.0 (visit.php) SQL Injection Exploit 931 R D ajann
2007-04-04 XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit 705 R D ajann
2007-04-03 XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit 720 R D ajann
2007-04-02 XOOPS Module Zmagazine 1.0 (print.php) Remote SQL Injection Exploit 1003 R D ajann
2007-04-02 XOOPS Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit 597 R D ajann
2007-04-02 XOOPS Module WF-Section <= 1.01 (articleid) SQL Injection Exploit 571 R D ajann
2007-04-01 XOOPS Module RM+Soft Gallery 1.0 BLIND SQL Injection Exploit 768 R D ajann
2007-04-01 XOOPS Module myAlbum-P <= 2.0 (cid) Remote SQL Injection Exploit 613 R D ajann
2007-04-01 XOOPS Module debaser <= 0.92 (genre.php) BLIND SQL Injection Exploit 480 R D ajann
2007-04-01 XOOPS Module Camportail <= 1.1 (camid) Remote SQL Injection Exploit 447 R D ajann
2007-04-01 XOOPS Module Kshop <= 1.17 (id) Remote SQL Injection Exploit 325 R D ajann
2007-04-01 XOOPS Module Tiny Event <= 1.01 (id) Remote SQL Injection Exploit 227 R D ajann
2007-04-01 XOOPS Module eCal <= 2.24 (display.php) Remote SQL Injection Exploit 271 R D ajann
2007-03-31 XOOPS Module Tutoriais (viewcat.php) Remote SQL Injection Exploit 1515 R D ajann
2007-03-31 XOOPS Module Core (viewcat.php) Remote SQL Injection Exploit 889 R D ajann
2007-03-31 XOOPS Module Library (viewcat.php) Remote SQL Injection Exploit 779 R D ajann
2007-03-31 XOOPS Module Lykos Reviews 1.00 (index.php) SQL Injection Exploit 870 R D ajann
2007-03-30 XOOPS Module Repository (viewcat.php) Remote SQL Injection Exploit 938 R D ajann
2007-03-29 XOOPS Module MyAds Bug Fix <= 2.04jp (index.php) SQL Injection Exploit 828 R D ajann
2007-03-28 XOOPS Module Friendfinder <= 3.3 (view.php id) SQL Injection Exploit 980 R D ajann
2007-03-28 XOOPS module Articles <= 1.03 (index.php cat_id) SQL Injection Exploit 1272 R D ajann
2007-03-27 XOOPS module Articles <= 1.02 (print.php id) SQL Injection Exploit 1411 R D UniquE-Key
2006-06-28 XOOPS myAds Module (lid) Remote SQL Injection Vulnerability 4603 R D KeyCoder
2006-05-21 XOOPS <= 2.0.13.2 xoopsOption[nocommon] Remote Exploit 7207 R D rgod
2005-11-12 XOOPS (wfdownloads) 2.05 Module Multiple Vulnerabilities Exploit 5971 R D rgod
2005-07-04 XOOPS <= 2.0.11 xmlrpc.php SQL Injection Exploit 8218 R M D RusH

2
Anonymous
Re: A lot of Bug for Xoops Modules
  • 2007/4/6 10:49

  • Anonymous

  • Posts: 0

  • Since:


See this thread here which appears on the homepage and so is very current.

3
Anonymous
Re: A lot of Bug for Xoops Modules
  • 2007/4/6 11:02

  • Anonymous

  • Posts: 0

  • Since:


Searching for Joomla gives:

2007-03-27 Joomla Component D4JeZine <= 2.8 Remote BLIND SQL Injection Exploit 1836 R D ajann
2007-03-24 Joomla Component RWCards <= 2.4.3 Remote SQL Injection Exploit 2081 R D ajann
2007-03-24 Joomla Component Car Manager <= 1.1 Remote SQL Injection Exploit 1544 R D ajann
2007-03-23 Joomla Component Joomlaboard 1.1.1 (sbp) RFI Vulnerability 2381 R D Cold Zero
2007-03-23 Joomla/Mambo Component SWmenuFree 4.0 RFI Vulnerability 1984 R D Cold Zero
2006-11-17 MosReporter Joomla Component 0.9.3 Remote File Include Exploit 4000 R D Crackers_Child
2006-08-19 Joomla <=1.0.10 (poll component) Arbitrary Add Votes Exploit 6829 R D trueend5
2006-08-18 Joomla Kochsuite Component <= 0.9.4 Remote File Include Vulnerability 4214 R D camino
2006-08-18 Joomla Link Directory Component <= 1.0.3 Remote Include Vulnerability 5077 R D camino
2006-08-18 Joomla Artlinks Component <= 1.0b4 Remote Include Vulnerability 4633 R D camino
2006-08-17 Joomla Mosets Tree <= 1.0 Remote File Include Vulnerability 3267 R D Crackers_Child
2006-08-17 Joomla com_jim Component <= 1.0.1 Remote File Include Vulnerability 4061 R D xoron
2006-08-13 Joomla Webring Component <= 1.0 Remote Include Vulnerability 5234 R D xoron
2006-08-07 Joomla JD-Wiki Component <= 1.0.2 Remote Include Vulnerability 3371 R D jank0
2006-07-30 Joomla LMO Component <= 1.0b2 Remote Include Vulnerability 4123 R D vitux
2006-07-30 Joomla com_bayesiannaivefilter Component <= 1.1 Inclusion Vulnerability 4511 R D Pablin77
2006-06-17 Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit 15544 R D rgod
2006-04-19 Mambo <= 4.5.3 , Joomla <=1.0.7 (feed) Denial of Service Exploit 7710 R D trueend5

Searching for Drupal gives:

2007-02-15 Drupal < 4.7.6 (post comments) Remote Command Execution Exploit v2 1870 R D str0ke
2007-02-15 Drupal < 5.1 (post comments) Remote Command Execution Exploit v2 2983 R D str0ke
2006-05-24 Drupal <= 4.7 (attachment mod_mime) Remote Exploit 4676 R D rgod
2005-07-05 Drupal <= 4.5.3 & <= 4.6.1 Comments PHP Injection Exploit 6855 R D dab

etc......

Easy, isn't it?

4
davidl2
Re: A lot of Bug for Xoops Modules
  • 2007/4/6 11:10

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Quote:

pleiku wrote:
Please visit this site:

http://www.milw0rm.com/search.php

You can type keyword: xoops


And searching properly will tell you that these modules are mostly ancient versions.

Example: MyAlbum-P version 2 is listed.

This issue was corrected over 3 years ago!

(The author comments on this on his site, and makes the good point that users who do not update are not being sensible.)
