CVE-2007-5772

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...

Code injection

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...

CVE-2007-5772

CVE-2007-5772 describes a direct static code injection in the Flatnuke 3 download module. The vulnerability allows remote authenticated administrators to inject arbitrary PHP code into a file named description.it.php under a subdirectory of Download/ by saving a description and setting fneditmode...

Flatnuke3 Remote Cookie Manipoulation / Privilege Escalation

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

Flatnuke 3 Remote Cookie Manipoulation / Privilege Escalation

No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / &nb...

Flatnuke 3 Remote Cookie Manipoulation / Privilege Escalation

Exploit for unknown platform in category web applications ============================================================= Flatnuke 3 Remote Cookie Manipoulation / Privilege Escalation =============================================================...

Unfixed XSS vulnerability at www.classinrete.it

Security researcher Langy, has submitted on 19/10/2007 a cross-site-scripting XSS vulnerability affecting www.classinrete.it, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/11/2007. It is currently...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with 1 the title parameter or 2 a "title=" sequence in the PATHINFO, or a request to the download module with 3 the cat...

CVE-2007-5052

Multiple cross-site scripting XSS vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with 1 the title parameter or 2 a "title=" sequence in the PATHINFO, or a request to the download module with 3 the cat...

Vigile CMS v1.8 Multiple Remote XSS Vulnerability

Name : Vigile CMS v1.8 Multiple Remote XSS Vulnerability Download : http://www.itcms.it/ Date : 20-09-2007 Author : x0kster Mail : [email protected] Note : For works, the wiki or the download module must be installed in the site. PoCs : Wiki 1 :...

vigilecms-xss.txt

Name : Vigile CMS v1.8 Multiple Remote XSS Vulnerability Download : http://www.itcms.it/ Date : 20-09-2007 Author : x0kster Mail : [email protected] Note : For works, the wiki or the download module must be installed in the site. PoCs : Wiki 1 :...

CVE-2007-2579

Multiple cross-site scripting XSS vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via 1 the formmail parameter to contact/contact/index.php; the 2 formmods or 3 formsearchterm parameter to search/list/actionsearch/index.php; 4 the id parameter to...

phpnuke-bypass-sql.txt

PHP Nuke = 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities PROGRAM: PHP-Nuke HOMEPAGE: http://phpnuke.org/ VERSION: All version BUG: PHP Nuke = 8.0.0.3.3b Bypass SQL Injection Protection and SQL Injections vulnerabilities AUTHOR: Aleksandar Let's look at source code...

PHP-Nuke Download Module Remote SQL Injection

================================== Fund By:BuNy-m Special for Site:www.alshmokh.com E-mail:[email protected] ================================== Example: /modules.php?name=Downloads&dop=viewdownload&cid=220UNION20select20counter,20aid,20pwd20FROM20nukeauthors20...

PT-2005-3706 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MD-Pro versions 1.0.72 and earlier Description: The issue affects one or more modules in MAXdev MD-Pro, including the Download, Search, Web links, Blocks, Messages, News, Comments, Settings, Stats, or subjects modules. The impact and...

CVE-2005-0616

CVE-2005-0616 describes cross-site scripting (XSS) in the PostNuke Download module for versions 0.750 and 0.760-RC2. The vulnerability affects the Download module’s handling of several input fields (Program name, File link, Author name, Author e‑mail, File size, Version, Home page), enabling remo...

PHP-Nuke 6.9 - cid SQL Injection

PHP-Nuke 6.9 - cid SQL Injection !/usr/bin/perl -w use IO::Socket; THIS CODE PUBLIC NOW = \ \ / | \ | / | / / \ | | \ | /\ \ / || /// | / / / / based on 'cid' sql injection vuln in Download module, more info about this vuln u can see here: http://rst.void.ru/texts/advisory10.htm work only on...

Spaiz-Nuke/PHP-nuke multiple bugs

SQL injection during authentication, SQL injection in web-link module, SQL injection in download module, access with encrypted password...

CrossSiteScripting PostNuke.

http://www.testnuke.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=2&ttitle=3Cscript3Ealertdocument.location3C/script3E...