ID 2662.PRM Type nessus Reporter Tenable Modified 2019-03-06T00:00:00
Description
The remote host is running PostNuke version 0.760 RC2 or older. These
versions suffer from several vulnerabilities, among them :
) SQL injection vulnerability in the News, NS-Polls and
NS-AddStory modules.
) SQL injection vulnerability in the Downloads module.
)Cross-site scripting vulnerabilities in the Downloads
module.
) Possible path disclosure vulnerability in the News module.
An attacker may use the SQL injection vulnerabilities to obtain the
password hash for the administrator or to corrupt the
database used by PostNuke.
Exploiting the XSS flaws may enable an attacker to inject arbitrary
script code into the browser of site administrators leading to
disclosure of session cookies.
Binary data 2662.prm
{"id": "2662.PRM", "type": "nessus", "bulletinFamily": "scanner", "title": "PostNuke < 0.760 RC3 Multiple Vulnerabilities", "description": "The remote host is running PostNuke version 0.760 RC2 or older. These\nversions suffer from several vulnerabilities, among them :\n\n*) SQL injection vulnerability in the News, NS-Polls and\nNS-AddStory modules.\n*) SQL injection vulnerability in the Downloads module.\n*)Cross-site scripting vulnerabilities in the Downloads\nmodule.\n*) Possible path disclosure vulnerability in the News module.\n\nAn attacker may use the SQL injection vulnerabilities to obtain the\npassword hash for the administrator or to corrupt the \ndatabase used by PostNuke.\n\nExploiting the XSS flaws may enable an attacker to inject arbitrary\nscript code into the browser of site administrators leading to\ndisclosure of session cookies.", "published": "2005-03-02T00:00:00", "modified": "2019-03-06T00:00:00", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nnm/2662", "reporter": "Tenable", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0615", "http://news.postnuke.com/Article2669.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0616", "http://archives.neohapsis.com/archives/bugtraq/2005-02/0471.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0617"], "cvelist": ["CVE-2005-0615", "CVE-2005-0616", "CVE-2005-0617"], "immutableFields": [], "lastseen": "2021-08-19T13:17:44", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0615", "CVE-2005-0616", "CVE-2005-0617"]}, {"type": "freebsd", "idList": ["7E580822-8CD8-11D9-8C81-000A95BC6FAE", "F3EEC2B5-8CD8-11D9-8066-000A95BC6FAE"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_7E5808228CD811D98C81000A95BC6FAE.NASL", "FREEBSD_PKG_F3EEC2B58CD811D98066000A95BC6FAE.NASL", "POSTNUKE_0_760_RC2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:52164", "OPENVAS:52165"]}], "rev": 4}, "score": {"value": 5.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2005-0615", "CVE-2005-0616", "CVE-2005-0617"]}, {"type": "freebsd", "idList": ["7E580822-8CD8-11D9-8C81-000A95BC6FAE", "F3EEC2B5-8CD8-11D9-8066-000A95BC6FAE"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_7E5808228CD811D98C81000A95BC6FAE.NASL"]}]}, "exploitation": null, "vulnersScore": 5.1}, "pluginID": "2662", "sourceData": "Binary data 2662.prm", "naslFamily": "CGI", "cpe": ["cpe:2.3:a:postnuke_software_foundation:postnuke:*:*:*:*:*:*:*:*"], "solution": "Upgrade to version 0.760 RC3 or higher.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647170717}}
{"nessus": [{"lastseen": "2022-04-12T15:28:47", "description": "The remote host is running PostNuke version 0.760 RC2 or older. These versions suffer from several vulnerabilities, among them :\n\n - SQL injection vulnerability in the News, NS-Polls and NS-AddStory modules.\n - SQL injection vulnerability in the Downloads module.\n - Cross-site scripting vulnerabilities in the Downloads module.\n - Possible path disclosure vulnerability in the News module.\n\nAn attacker may use the SQL injection vulnerabilities to obtain the password hash for the administrator or to corrupt the database database used by PostNuke. \n\nExploiting the XSS flaws may enable an attacker to inject arbitrary script code into the browser of site administrators leading to disclosure of session cookies.", "cvss3": {"score": null, "vector": null}, "published": "2005-03-01T00:00:00", "type": "nessus", "title": "PostNuke <= 0.760 RC2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-0615", "CVE-2005-0616", "CVE-2005-0617"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:postnuke_software_foundation:postnuke"], "id": "POSTNUKE_0_760_RC2.NASL", "href": "https://www.tenable.com/plugins/nessus/17240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17240);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2005-0615\", \"CVE-2005-0616\", \"CVE-2005-0617\");\n script_bugtraq_id(12683, 12684, 12685);\n\n script_name(english:\"PostNuke <= 0.760 RC2 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that suffers from\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running PostNuke version 0.760 RC2 or older. These\nversions suffer from several vulnerabilities, among them :\n\n - SQL injection vulnerability in the News, NS-Polls and \n NS-AddStory modules.\n - SQL injection vulnerability in the Downloads module.\n - Cross-site scripting vulnerabilities in the Downloads\n module.\n - Possible path disclosure vulnerability in the News module.\n\nAn attacker may use the SQL injection vulnerabilities to obtain the\npassword hash for the administrator or to corrupt the database\ndatabase used by PostNuke. \n\nExploiting the XSS flaws may enable an attacker to inject arbitrary\nscript code into the browser of site administrators leading to\ndisclosure of session cookies.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2005/Mar/8\");\n script_set_attribute(attribute:\"see_also\", value:\"http://news.postnuke.com/Article2669.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Either upgrade and apply patches for 0.750 or upgrade to 0.760 RC3 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:postnuke_software_foundation:postnuke\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"postnuke_detect.nasl\");\n script_require_keys(\"www/PHP\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port))exit(0);\n\nkb = get_kb_item(\"www/\" + port + \"/postnuke\" );\nif (! kb) exit(0);\ninstall = eregmatch(pattern:\"(.*) under (.*)\", string:kb );\nver = install[1];\ndir = install[2];\n\n# Try the SQL injection exploits.\nexploits = make_list(\n \"catid='cXIb8O3\",\n \"name=Downloads&req=search&query=&show=cXIb8O3\",\n \"name=Downloads&req=search&query=&orderby=\"\n);\n\nforeach exploit (exploits) {\n if (test_cgi_xss(port: port, cgi: \"/index.php\", qs: exploit, dirs: make_list(dir),\n sql_injection: 1, high_risk: 1,\n pass_re: \"DB Error: getArticles:|Fatal error: .+/modules/Downloads/dl-search.php\"))\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:57", "description": "Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can use this vulnerability to potentially insert executable PHP code into the content management system (to view all files within the PHP scope, for instance). Various other SQL injection vulnerabilities exist, which give attackers the ability to run SQL queries on any tables within the database.", "cvss3": {"score": null, "vector": null}, "published": "2005-07-13T00:00:00", "type": "nessus", "title": "FreeBSD : postnuke -- SQL injection vulnerabilities (f3eec2b5-8cd8-11d9-8066-000a95bc6fae)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-0615", "CVE-2005-0617"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:postnuke", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F3EEC2B58CD811D98066000A95BC6FAE.NASL", "href": "https://www.tenable.com/plugins/nessus/19170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19170);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0615\", \"CVE-2005-0617\");\n\n script_name(english:\"FreeBSD : postnuke -- SQL injection vulnerabilities (f3eec2b5-8cd8-11d9-8066-000a95bc6fae)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two separate SQL injection vulnerabilities have been identified in the\nPostNuke PHP content management system. An attacker can use this\nvulnerability to potentially insert executable PHP code into the\ncontent management system (to view all files within the PHP scope, for\ninstance). Various other SQL injection vulnerabilities exist, which\ngive attackers the ability to run SQL queries on any tables within the\ndatabase.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=110962710805864\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=110962710805864\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=110962819232255\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=110962819232255\"\n );\n # http://news.postnuke.com/Article2669.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.postnuke.com/Article2669.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3eec2b5-8cd8-11d9-8066-000a95bc6fae.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b1ca7cc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:postnuke\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"postnuke<0.760\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:57", "description": "A cross-site scripting vulnerability is present in the PostNuke PHP content management system. By passing data injected through exploitable errors in input validation, an attacker can insert code which will run on the machine of anybody viewing the page. It is feasible that this attack could be used to retrieve session information from cookies, thereby allowing the attacker to gain administrative access to the CMS.", "cvss3": {"score": null, "vector": null}, "published": "2005-07-13T00:00:00", "type": "nessus", "title": "FreeBSD : postnuke -- XSS (XSS) vulnerabilities (7e580822-8cd8-11d9-8c81-000a95bc6fae)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-0616"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:postnuke", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7E5808228CD811D98C81000A95BC6FAE.NASL", "href": "https://www.tenable.com/plugins/nessus/18999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18999);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0616\");\n\n script_name(english:\"FreeBSD : postnuke -- XSS (XSS) vulnerabilities (7e580822-8cd8-11d9-8c81-000a95bc6fae)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site scripting vulnerability is present in the PostNuke PHP\ncontent management system. By passing data injected through\nexploitable errors in input validation, an attacker can insert code\nwhich will run on the machine of anybody viewing the page. It is\nfeasible that this attack could be used to retrieve session\ninformation from cookies, thereby allowing the attacker to gain\nadministrative access to the CMS.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=110962768300373\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=110962768300373\"\n );\n # http://news.postnuke.com/Article2669.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.postnuke.com/Article2669.html\"\n );\n # https://vuxml.freebsd.org/freebsd/7e580822-8cd8-11d9-8c81-000a95bc6fae.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?517d7379\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:postnuke\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"postnuke<0.760\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:51", "description": "\n\nTwo separate SQL injection vulnerabilities have been\n\t identified in the PostNuke PHP content management\n\t system. An attacker can use this vulnerability to\n\t potentially insert executable PHP code into the content\n\t management system (to view all files within the PHP scope,\n\t for instance). Various other SQL injection vulnerabilities\n\t exist, which give attackers the ability to run SQL queries\n\t on any tables within the database.\n\n", "cvss3": {}, "published": "2005-02-28T00:00:00", "type": "freebsd", "title": "postnuke -- SQL injection vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0615", "CVE-2005-0617"], "modified": "2005-02-28T00:00:00", "id": "F3EEC2B5-8CD8-11D9-8066-000A95BC6FAE", "href": "https://vuxml.freebsd.org/freebsd/f3eec2b5-8cd8-11d9-8066-000a95bc6fae.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T16:03:51", "description": "\n\nA cross-site scripting vulnerability is present in the\n\t PostNuke PHP content management system. By passing data\n\t injected through exploitable errors in input validation, an\n\t attacker can insert code which will run on the machine of\n\t anybody viewing the page. It is feasible that this attack\n\t could be used to retrieve session information from cookies,\n\t thereby allowing the attacker to gain administrative access\n\t to the CMS.\n\n", "cvss3": {}, "published": "2005-02-28T00:00:00", "type": "freebsd", "title": "postnuke -- cross-site scripting (XSS) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0616"], "modified": "2005-02-28T00:00:00", "id": "7E580822-8CD8-11D9-8C81-000A95BC6FAE", "href": "https://vuxml.freebsd.org/freebsd/7e580822-8cd8-11d9-8c81-000a95bc6fae.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-02T21:10:15", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: postnuke", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-0617", "CVE-2005-0615"], "modified": "2016-09-28T00:00:00", "id": "OPENVAS:52164", "href": "http://plugins.openvas.org/nasl.php?oid=52164", "sourceData": "#\n#VID f3eec2b5-8cd8-11d9-8066-000a95bc6fae\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: postnuke\n\nCVE-2005-0617\nSQL injection vulnerability in dl-search.php in PostNuke 0.750 and\n0.760-RC2 allows remote attackers to execute arbitrary SQL commands\nvia the show parameter.\n\nCVE-2005-0615\nMultiple SQL injection vulnerabilities in (1) index.php, (2)\nmodules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote\nattackers to execute arbitrary SQL code via the catid parameter.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://news.postnuke.com/Article2669.html\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=110962710805864\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=110962819232255\nhttp://www.vuxml.org/freebsd/f3eec2b5-8cd8-11d9-8066-000a95bc6fae.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52164);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0617\", \"CVE-2005-0615\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: postnuke\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"postnuke\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.760\")<0) {\n txt += 'Package postnuke version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:13", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: postnuke", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-0616"], "modified": "2016-09-28T00:00:00", "id": "OPENVAS:52165", "href": "http://plugins.openvas.org/nasl.php?oid=52165", "sourceData": "#\n#VID 7e580822-8cd8-11d9-8c81-000a95bc6fae\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: postnuke\n\nCVE-2005-0616\nMultiple cross-site scripting (XSS) vulnerabilities in the Download\nmodule for PostNuke 0.750 and 0.760-RC2 allow remote attackers to\ninject arbitrary web script or HTML via the (1) Program name, (2) File\nlink, (3) Author name (4) Author e-mail address, (5) File size, (6)\nVersion, or (7) Home page variables.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://news.postnuke.com/Article2669.html\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=110962768300373\nhttp://www.vuxml.org/freebsd/7e580822-8cd8-11d9-8c81-000a95bc6fae.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52165);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0616\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: postnuke\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"postnuke\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.760\")<0) {\n txt += 'Package postnuke version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "cve": [{"lastseen": "2022-03-23T11:38:51", "description": "Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter.", "cvss3": {}, "published": "2005-05-02T04:00:00", "type": "cve", "title": "CVE-2005-0615", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0615"], "modified": "2016-10-18T03:13:00", "cpe": ["cpe:/a:postnuke_software_foundation:postnuke:0.760_rc2"], "id": "CVE-2005-0615", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0615", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:38:52", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables.", "cvss3": {}, "published": "2005-02-28T05:00:00", "type": "cve", "title": "CVE-2005-0616", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0616"], "modified": "2016-10-18T03:13:00", "cpe": [], "id": "CVE-2005-0616", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0616", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2022-03-23T11:38:53", "description": "SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.", "cvss3": {}, "published": "2005-05-02T04:00:00", "type": "cve", "title": "CVE-2005-0617", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0617"], "modified": "2016-10-18T03:13:00", "cpe": ["cpe:/a:postnuke_software_foundation:postnuke:0.760_rc2", "cpe:/a:postnuke_software_foundation:postnuke:0.750"], "id": "CVE-2005-0617", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0617", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:*", "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc2:*:*:*:*:*:*:*"]}]}
