94 matches found
CVE-2009-0302
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php...
Sql injection
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php...
CVE-2009-0302
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php...
PHP-Nuke Downloads Module - url SQL Injection
PHP-Nuke Downloads Module - url SQL Injection source: https://www.securityfocus.com/bid/33410/info The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
PHP-Nuke Downloads Module - 'url' SQL Injection
source: https://www.securityfocus.com/bid/33410/info The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Sql injection
SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0...
PHP-Nuke Downloads Module - 'sid' SQL Injection
source: https://www.securityfocus.com/bid/27932/info The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
CVE-2004-2752
Cross-site scripting XSS vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action...
CVE-2004-2752
PostNuke’s Downloads module (≤0.726) is affected by a cross-site scripting (XSS) flaw in the viewdownloaddetails action, triggered via the ttitle parameter. This allows remote injection of arbitrary HTML/JavaScript. The description is corroborated across CVE/NVD/Red Hat records; one connected EUV...
CVE-2007-3814
Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via 1 the idurlo field in the deleteurlo function in a index.php in the urlobox module; the iden field in the 2 updatefile and 3 delfile functions in b index.php in the reviews module...
CVE-2007-3814
CVE-2007-3814 documents multiple SQL injection vulnerabilities in MKPortal 1.1.1 that allow remote attackers to execute arbitrary SQL commands through numerous parameters in index.php across several modules (urlobox, reviews, news, gallery, downloads), including idurlo, iden, idnews, idcomm, ide,...
CVE-2007-1519
Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...
Cross site scripting
Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...
PT-2007-2909 · Php Nuke · Php-Nuke
Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 8.0 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module. Recommendations: For PHP-Nuk...
CVE-2006-6233
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php,...
CVE-2006-6233
The CVE refers to an SQL injection in the Downloads module of PostNuke (unknown versions). The vulnerability is triggered by the lid parameter in a viewdownloaddetails operation, potentially arising from the viewdownloaddetails function in dl-downloaddetails.php. Impact is partial confidentiality...
CVE-2006-6233
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php,...
PHPNuke 7.* Version Downloads Module SQL Injection Exp.
PHPNuke 7. Version Downloads Module SQL Injection Exp. Credit : WiLdBoY Exp. Link : http://root-security.t35.com/PHPNuke-Downloads.pl -- Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze...
PHPNuke 7.* Version Downloads Module SQL Injection Exp.
PHPNuke 7. Version Downloads Module SQL Injection Exp. Credit : WiLdBoY Exp. Link : http://root-security.t35.com/PHPNuke-Downloads.pl -- Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze...
CVE-2006-1033
Multiple cross-site scripting XSS vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via 1 uname, 2 error, 3 profile or 4 the username filed parameter to the a YourAccount module, 5 catid, 6 sid, 7 Story Text or 8 Extended text text field...