CVE-2006-3608

The CVE-2006-3608 entry concerns Simone Vellei Flatnuke 2.5.7 and earlier. When Gallery uploads are enabled, the product does not restrict file extensions for uploads that begin with a GIF header, allowing remote authenticated users to execute arbitrary PHP code via an uploaded .php file. The NVD...

flatnuke-2.5.7_xpl.txt

12/07/200619.11.54 ----- Flatnuke 2.5.7 arbitrary file upload / remote code execution ------------- software: site: http://www.flatnuke.org/ -------------------------------------------------------------------------------- if user Gallery uploads are enabled not the default you can go to:...

CVE-2005-2415

Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the 1 value parameter to the poll module or 2 pId parameter to the gallery module...

CVE-2004-1972

SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the 1 clipid or 2 catid parameters in a viewclip, viewcat, or voteclip action...

CVE-2004-1971

The CVE-2004-1971 entry concerns PHP-Nuke Video Gallery Module 0.1 Beta 5. a vulnerability where remote attackers can cause an error message by issuing HTTP requests with invalid catid or clipid parameters, causing disclosure of the full server path. Affected component: PHP-Nuke Video Gallery Mod...

CVE-2004-1971

modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid 1 catid or 2 clipid parameter, which reveals the full path in an error message...

phpnukeVideo.txt

Adivore: http://bichosoft.webcindario.com/advisory-03.txt =========================================================================== =================== Multiple vulnerabilities PHP-Nuke ===================== =================== Video Gallery Module for PHP-Nuke ===================== PROGRAM:...

[Full-Disclosure] Multiple vulnerabilities PHP-Nuke Video Gallery Module for PHP-Nuke

Adivore: http://bichosoft.webcindario.com/advisory-03.txt =========================================================================== =================== Multiple vulnerabilities PHP-Nuke ===================== =================== Video Gallery Module for PHP-Nuke ===================== PROGRAM:...

CVE-2004-1972

SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the 1 clipid or 2 catid parameters in a viewclip, viewcat, or voteclip action...

PHP-Nuke 7.2 Multiple Video Gallery Module - SQL Injection

PHP-Nuke 7.2 Multiple Video Gallery Module - SQL Injection source: https://www.securityfocus.com/bid/10215/info Reportedly the PHP-Nuke Video Gallery module is affected by multiple SQL injection vulnerabilities. This is due to a failure of the application to properly sanitize user-supplied input...

Invision Gallery 1.0.1 SQL Injection

It has been reported that Invision Gallery may be prone to multiple sql injection vulnerabilities, allowing an attacker to influence SQL query logic. The issues exist due to insufficient sanitization of user-supplied data via the 'img', 'cat', 'sortkey', 'orderkey', 'user' and 'album' parameters ...