536 matches found
htmltonuke-rfi.txt
htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork : "/nuke/htmltonuke.php" - "htmltonuke.php" Found by & Contact : Cold z3ro ,...
PostNuke Module phgstats 0.5 (phgdir) Remote File Include Exploit
No description provided by source. PostNuke Module phgstats 0.5 phgdir Remote File Include Exploit Vendor: http://kent.dl.sourceforge.net/sourceforge/phgstats/phgstats0.5.zip Vulnerable Code: includeonce$phgdir . 'settings/config.inc.php'; Coded by bd0rk || SOH-Crew Usage: expl.pl target cmd...
PostNuke Module phgstats 0.5 (phgdir) Remote File Include Exploit
Exploit for unknown platform in category web applications ================================================================= PostNuke Module phgstats 0.5 phgdir Remote File Include Exploit ================================================================= PostNuke Module phgstats 0.5 phgdir Remote...
PostNuke Module phgstats 0.5 - phgdir Remote File Inclusion
PostNuke Module phgstats 0.5 - phgdir Remote File Inclusion PostNuke Module phgstats 0.5 phgdir Remote File Include Exploit Vendor: http://kent.dl.sourceforge.net/sourceforge/phgstats/phgstats0.5.zip Vulnerable Code: includeonce$phgdir . 'settings/config.inc.php'; Coded by bd0rk || SOH-Crew Usage...
PostNuke Module phgstats 0.5 - 'phgdir' Remote File Inclusion
PostNuke Module phgstats 0.5 phgdir Remote File Include Exploit Vendor: http://kent.dl.sourceforge.net/sourceforge/phgstats/phgstats0.5.zip Vulnerable Code: includeonce$phgdir . 'settings/config.inc.php'; Coded by bd0rk || SOH-Crew Usage: expl.pl target cmd shell shell variable Greetings: str0ke,...
SA-20070226-0.txt
SEC Consult Security Advisory 20070226-0 ======================================================================= title: File Disclosure in Pagesetter for PostNuke program: Pagesetter page creation module vulnerable version: 6.2.0 6.3.0 beta 5 impact: high homepage: http://www.elfisk.dk found:...
Directory traversal
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. dot dot in the id parameter...
CVE-2007-1158
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. dot dot in the id parameter...
CVE-2007-1158
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. dot dot in the id parameter...
CVE-2007-1158
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. dot dot in the id parameter...
CVE-2007-1158
The CVE-2007-1158 entry refers to a directory traversal in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke, via the id parameter in index.php, allowing remote attackers to read arbitrary files using .. traversal. The provided documents give the affected software and the vulnerabilit...
Pagesetter for PostNuke index.php id Parameter Traversal Arbitrary File Access
The third-party Pagesetter module for PostNuke installed on the remote host fails to sanitize input to the 'id' parameter before using it to display a file in the function 'pagesetterfilepreview' of the script 'pnfile.php'. An unauthenticated attacker can exploit this issue to view arbitrary file...
[Full-disclosure] SEC Consult SA-20070226-0 :: File Disclosure in Pagesetter for PostNuke
SEC Consult Security Advisory 20070226-0 ======================================================================= title: File Disclosure in Pagesetter for PostNuke program: Pagesetter page creation module vulnerable version: 6.2.0 6.3.0 beta 5 impact: high homepage: http://www.elfisk.dk found:...
PostNuke Reviews Index.PHP跨站脚本漏洞
PHP-Nuke是一款基于PHP的WEB应用程序。 PHP-Nuke不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 问题是reviews模块对用户提交的WEB参数缺少过滤,提交恶意脚本代码作为参数数据,并诱使用户访问恶意链接,可导致获得目标用户敏感信息。 PostNuke 0.764 目前没有解决方案提供: http://noc.postnuke.com/...
Design/Logic Flaw
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information the full path via "unvalidated output" in FAQ/index.php, possibly involving an undefined idcat variable...
Design/Logic Flaw
Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."...
Cross site scripting
Cross-site scripting XSS vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0386
Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."...
CVE-2007-0384
Cross-site scripting XSS vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0385
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information the full path via "unvalidated output" in FAQ/index.php, possibly involving an undefined idcat variable...