Lucene search
K

94 matches found

NVD
NVD
added 2009/01/27 8:30 p.m.14 views

CVE-2009-0302

SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php...

4.6CVSS8AI score0.01462EPSS
Exploits1References9
Prion
Prion
added 2009/01/27 8:30 p.m.12 views

Sql injection

SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php...

4.6CVSS8.6AI score0.01462EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2009/01/27 8:0 p.m.20 views

CVE-2009-0302

SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php...

8AI score0.01462EPSS
Exploits1References9
exploitpack
exploitpack
added 2009/01/23 12:0 a.m.15 views

PHP-Nuke Downloads Module - url SQL Injection

PHP-Nuke Downloads Module - url SQL Injection source: https://www.securityfocus.com/bid/33410/info The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2009/01/23 12:0 a.m.24 views

PHP-Nuke Downloads Module - 'url' SQL Injection

source: https://www.securityfocus.com/bid/33410/info The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

7AI score
Exploits0
Prion
Prion
added 2008/03/03 10:44 p.m.20 views

Sql injection

SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0...

7.5CVSS8.7AI score0.00997EPSS
Exploits1References5Affected Software1
Exploit DB
Exploit DB
added 2008/02/21 12:0 a.m.21 views

PHP-Nuke Downloads Module - 'sid' SQL Injection

source: https://www.securityfocus.com/bid/27932/info The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2007/11/14 2:0 a.m.19 views

CVE-2004-2752

Cross-site scripting XSS vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action...

5.9AI score0.01022EPSS
Exploits0References3
CVE
CVE
added 2007/11/14 2:0 a.m.47 views

CVE-2004-2752

PostNuke’s Downloads module (≤0.726) is affected by a cross-site scripting (XSS) flaw in the viewdownloaddetails action, triggered via the ttitle parameter. This allows remote injection of arbitrary HTML/JavaScript. The description is corroborated across CVE/NVD/Red Hat records; one connected EUV...

4.3CVSS6.1AI score0.01022EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/07/17 12:30 a.m.23 views

CVE-2007-3814

Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via 1 the idurlo field in the deleteurlo function in a index.php in the urlobox module; the iden field in the 2 updatefile and 3 delfile functions in b index.php in the reviews module...

7.5CVSS8.5AI score0.02126EPSS
Exploits0References11
CVE
CVE
added 2007/07/17 12:0 a.m.61 views

CVE-2007-3814

CVE-2007-3814 documents multiple SQL injection vulnerabilities in MKPortal 1.1.1 that allow remote attackers to execute arbitrary SQL commands through numerous parameters in index.php across several modules (urlobox, reviews, news, gallery, downloads), including idurlo, iden, idnews, idcomm, ide,...

7.5CVSS8.5AI score0.02126EPSS
Exploits0References11Affected Software1
NVD
NVD
added 2007/03/20 8:19 p.m.18 views

CVE-2007-1519

Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...

4.3CVSS5.6AI score0.01125EPSS
Exploits1References5
Prion
Prion
added 2007/03/20 8:19 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...

4.3CVSS6AI score0.01672EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2007/03/20 12:0 a.m.6 views

PT-2007-2909 · Php Nuke · Php-Nuke

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 8.0 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module. Recommendations: For PHP-Nuk...

4.3CVSS5.5AI score0.01125EPSS
Exploits1References7
NVD
NVD
added 2006/12/02 11:28 a.m.10 views

CVE-2006-6233

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php,...

7.5CVSS8.4AI score0.01105EPSS
Exploits0References3
CVE
CVE
added 2006/12/02 11:0 a.m.44 views

CVE-2006-6233

The CVE refers to an SQL injection in the Downloads module of PostNuke (unknown versions). The vulnerability is triggered by the lid parameter in a viewdownloaddetails operation, potentially arising from the viewdownloaddetails function in dl-downloaddetails.php. Impact is partial confidentiality...

7.5CVSS8.8AI score0.01105EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2006/12/02 11:0 a.m.19 views

CVE-2006-6233

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php,...

8.4AI score0.01105EPSS
Exploits0References3
securityvulns
securityvulns
added 2006/04/29 12:0 a.m.32 views

PHPNuke 7.* Version Downloads Module SQL Injection Exp.

PHPNuke 7. Version Downloads Module SQL Injection Exp. Credit : WiLdBoY Exp. Link : http://root-security.t35.com/PHPNuke-Downloads.pl -- Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2006/04/29 12:0 a.m.28 views

PHPNuke 7.* Version Downloads Module SQL Injection Exp.

PHPNuke 7. Version Downloads Module SQL Injection Exp. Credit : WiLdBoY Exp. Link : http://root-security.t35.com/PHPNuke-Downloads.pl -- Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze...

2.2AI score
Exploits0
NVD
NVD
added 2006/03/07 11:2 a.m.40 views

CVE-2006-1033

Multiple cross-site scripting XSS vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via 1 uname, 2 error, 3 profile or 4 the username filed parameter to the a YourAccount module, 5 catid, 6 sid, 7 Story Text or 8 Extended text text field...

4.3CVSS5.8AI score0.01901EPSS
Exploits1References6
Rows per page
Query Builder