Searching runcms software vulnerabilities

Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.

Viewcatphp |

Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message.


highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.

highlightphp |

highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.


RUNCMS 1.1A, and possibly other products based

possibly | products | e-Xoops | RUNCMS | based | other | 11A |

RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files.


includes/common.php in RunCMS 1.2 and earlier c

includes/commonphp | EXTR_OVERWRITE | attackers | variables | execution | arbitrary | overwrite | function | possibly | allowing | extract | earlier | RunCMS | allows | remote | which | calls | code | POST | HTTP |

includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.


Multiple SQL injection vulnerabilities in RunCM

vulnerabilities | attackers | injection | arbitrary | commands | Multiple | execute | earlier | RunCMS | remote | allow | via | SQL |

Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module.


Incomplete blacklist vulnerability in connector

Config[DeniedExtensions][File] | vulnerability | connectorphp | extensions | Incomplete | attackers | arbitrary | FCKeditor | blacklist | products | specific | execute | giving | phptxt | listed | script | remote | allows | RunCMS | upload | files | such | used | not |

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.


Multiple PHP remote file include vulnerabilitie

register_globals | vulnerabilities | allow_url_fopen | bbPath[path] | attackers | arbitrary | parameter | Multiple | enabled | execute | earlier | include | remote | RunCMS | allow | file | code | PHP | via |

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.


Cross-site scripting vulnerability in ratefile.

vulnerability | ratefilephp | Cross-site | attackers | arbitrary | parameter | scripting | RunCMS | script | inject | allows | remote | HTML | 13a5 | lid | web | via |

Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.


Multiple directory traversal vulnerabilities in

vulnerabilities | connectorphp | directories | arbitrary | attackers | FCKeditor | directory | traversal | Multiple | products | create | remote | RunCMS | allow | used | such | list | via |

Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder.


Eval injection vulnerability in the decode func

rpc_decoderphp | vulnerability | attackers | arbitrary | injection | possibly | programs | function | execute | earlier | allows | remote | base64 | decode | exoops | runcms | phpRPC | other | code | used | Eval | tag | PHP | via |

Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.


Cross-site scripting (XSS) vulnerability in big

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.


Directory traversal vulnerability in runCMS 1.2

vulnerability | bbPath[path] | attackers | arbitrary | traversal | Directory | parameter | earlier | allows | remote | runCMS | files | read | via |

Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.


Multiple SQL injection vulnerabilities in RunCM

vulnerabilities | injection | Multiple | RunCMS | SQL |

Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php.


SQL injection vulnerability in class/debug/debu

class/debug/debug_showphp | vulnerability | injection | RunCms | SQL |

SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.


The show_files function in RunCms 1.5.2 and ear

show_files | function | RunCms |

The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.


Software vulnerabilities results 1 to 17 of 17     
Page: 1