94 matches found
PHP-Nuke 6.x7.x Downloads Module - Lid Cross-Site Scripting
PHP-Nuke 6.x7.x Downloads Module - Lid Cross-Site Scripting source: https://www.securityfocus.com/bid/13011/info It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize...
PHP-Nuke 6.x/7.x 'Downloads' Module - 'Lid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13011/info It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicious...
Ciamos Installation path(IHS)
IHS Iran Hackers Sabotage Public advisory by : NT [email protected] I Would Change A Default Value In CIAMOS,By Change A value In Viewcat.php I Get An Error On It Show CIAMOS Installation Path. Tested In Ciamos 0.9.2 RC1 ------------------------------------------- Going To CIAMOS And Downloads OR...
[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...
postnukeSQL0760-2.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...
CVE-2004-2752
Cross-site scripting XSS vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action...
CVE-2004-1999
Cross-site scripting XSS vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the 1 ttitle or 2 sid parameters to modules.php...
CVE-2004-2000
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the 1 orderby or 2 sid parameters to modules.php...
CVE-2004-1957
Multiple cross-site scripting XSS vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the 1 lid and query parameters to the Downloads module, 2 query parameter to the Weblinks module, or 3 hlpfile parameter to openwindow.php...
PostNuke Phoenix 0.726 - 'openwindow.php?hlpfile' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10191/info Multiple vulnerabilities were reported to exist in PostNuke Phoenix. The following specific vulnerabilities were reported: - Multiple path disclosure vulnerabilities that occur when a user directly requests scripts in the "/includes/blocks/" an...
CVE-2003-1210
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the 1 lid parameter to the getit function or the 2 min parameter to the search function...
Chatserver - XSS ( push )
PostNuke Downloads & WebLinks ttitle variable XSS ------ Product: PostNuke Vendor: PostNuke WWW.POSTNUKE.COM http://www.POSTNUKE.COM Versions Vulnerable: PostNuke Phoenix 0.7.x.x Phoenix 0.7.2.3 with patches in all versions Phoenix 0.7.2.3 without patches in all versions 0.7.2.1 All prior version...
PostNuke Downloads & Web_Links ttitle variable XSS
PostNuke Downloads & WebLinks ttitle variable XSS ------ Product: PostNuke Vendor: PostNuke WWW.POSTNUKE.COM http://www.POSTNUKE.COM Versions Vulnerable: PostNuke Phoenix 0.7.x.x Phoenix 0.7.2.3 with patches in all versions Phoenix 0.7.2.3 without patches in all versions 0.7.2.1 All prior version...
PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
PHP-Nuke 6.5 Multiple Downloads Module - SQL Injection source: https://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of S...