Debian Security Advisory DSA 879-1 (gallery)

The remote host is missing an update to gallery announced via advisory DSA 879-1. A bug in gallery has been discoverd that grants all registrated postnuke users full access to the gallery. The old stable distribution woody is not affected by this problem. OpenVAS Vulnerability Test $Id:...

Debian: Security Advisory (DSA-879-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2003-1537

Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php...

CVE-2004-2751

SQL injection vulnerability in the memberslist module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter...

CVE-2004-2752

PostNuke’s Downloads module (≤0.726) is affected by a cross-site scripting (XSS) flaw in the viewdownloaddetails action, triggered via the ttitle parameter. This allows remote injection of arbitrary HTML/JavaScript. The description is corroborated across CVE/NVD/Red Hat records; one connected EUV...

CVE-2003-1537

CVE-2003-1537 is a directory traversal vulnerability affecting PostNuke 0.723 and earlier. The issue allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. Connected sources corroborate the vulnerability description across NVD/Red Hat CVE records ...

CVE-2004-2752

Cross-site scripting XSS vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action...

CVE-2004-2751

PostNuke 0.726 (and possibly earlier) contains an SQL injection in the members_list module, exploitable via the sortby parameter. This allows remote attackers to craft SQL commands to affect the database. The vulnerability is stated for the members_list component, with no additional exploit detai...

Sql injection

SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter...

CVE-2007-3584

SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter...

CVE-2007-3584

SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter...

PNphpBB2 <= 1.2i viewforum.php Remote SQL Injection Exploit

Exploit for unknown platform in category web applications =========================================================== PNphpBB2 You need at least 2 posts in the forum. - Thanks to waraxe for exploit structure... I have saved much time : Tested - Postnuke 0.764 with PNphpBB2 1.2i and MySQL 5.0.42...

PostNuke PNPHPBB2 Module Index.PHP SQL注入漏洞

PNphpBB是一款基于PHP的WEB应用程序。 PNphpBB不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是'Index.PHP'脚本对用户提交的WEB参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息。 PNphpBB PNphpBB 1.2 g PNphpBB PNphpBB 1.2 f PNphpBB PNphpBB 1.2 目前没有解决方案提供： http://www.pnphpbb.com/modules.php?op=modload&name=ForumNews&file=index...

Sql injection

SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter...

CVE-2007-3052

SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter...

CVE-2007-3052

SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter...

CVE-2007-3052

CVE-2007-3052 affects PNphpBB2 (PostNuke) up to version 1.2i and earlier. The vulnerability is an SQL injection in index.php triggered by the c parameter, caused by improper sanitization of user input before using it in a database query in makes_cat_nav_tree() within includes/functions.php. Conse...

Sql injection

SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journalcomment action...

CVE-2007-2492

SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journalcomment action...

CVE-2007-2492

CVE-2007-2492 describes an SQL injection in the v4bJournal module of PostNuke, specifically in index.php via the journal_comment action using the id parameter. The vulnerability allows remote authenticated users to execute arbitrary SQL commands. The available documents confirm the affected compo...