CVE-2006-5733

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang PNSV lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then includ...

CVE-2006-5733

CVE-2006-5733 : A directory traversal/remote local file inclusion flaw in PostNuke ≤0.763 (error.php) allows an attacker to cause arbitrary local file inclusion by placing PHP sequences in the PNSVlang cookie, which gets written into Apache logs and later included by error.php. Affected product/v...

CVE-2006-5733

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang PNSV lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then includ...

EUVD-2006-5718

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang PNSV lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then includ...

PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit

No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

PostNuke 0.763 - PNSV lang Remote Code Execution

PostNuke 0.763 - PNSV lang Remote Code Execution DEVIL TEAM IRC: 72.20.18.6:6667 devilteam ======== Contact: [email protected] or http://www.rahim.webd.pl/ cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patrio...

PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit

Exploit for unknown platform in category web applications =========================================================== PostNuke = 0.763 PNSV lang Remote Code Execution Exploit =========================================================== ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+:...

PostNuke 0.763 - &#039;PNSV lang&#039; Remote Code Execution

DEVIL TEAM IRC: 72.20.18.6:6667 devilteam ======== Contact: [email protected] or http://www.rahim.webd.pl/ cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon TomZen, Gelo, Ramzes, DMX,...

[Full-disclosure] Cross Site Scripting &#40;XSS&#41; Vulnerability in Netquery by &quot;VIRtech&quot;

·= Security Advisory =· Issue: Cross Site Scripting XSS Vulnerability in Netquery by "VIRtech" Discovered Date: 04/10/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.virtech.org Details: VIRtechs Netquery system is prone to a Cross Site Scripting...

Cross Site Scripting &#40;XSS&#41; Vulnerability in Netquery by &quot;VIRtech&quot;

·= Security Advisory =· Issue: Cross Site Scripting XSS Vulnerability in Netquery by "VIRtech" Discovered Date: 04/10/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.virtech.org Details: VIRtechs Netquery system is prone to a Cross Site Scripting...

FreeBSD : postnuke -- admin section SQL injection (35f2679f-52d7-11db-8f1a-000a48049292)

ISS X-Force reports : PostNuke is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements to the admin section using the hits parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. %NASLMINLEVEL 70300 C...

CVE-2006-5121

SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter...

CVE-2006-5121

SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter...

CVE-2006-5121

PostNuke 0.762 is affected by an SQL injection in the Admin section: modules/Downloads/admin.php via the hits parameter, allowing remote execution of arbitrary SQL on the backend database. Multiple sources (NVD entry CVE-2006-5121 and downstream advisories) confirm the vulnerability and its impac...

Sql injection in PostNuke [Admin section]

Hi, There is a sql injection bug in PostNuke 0.762 admin section and maybe before versions . The "hits" parameter is not checked properly before be used in sql query : File /modules/Downloads/admin.php, Line 1586 : :: $dbconn-Execute"INSERT INTO $downtable :: $columnlid, :: $columncid, ::...

postnuke -- admin section SQL injection

ISS X-Force reports: PostNuke is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the admin section using the hits parameter, which could allow the attacker to view, add, modify or delete information in the back-end database...

PostNuke 0.6x0.7x - Multiple Cross-Site Scripting Vulnerabilities

PostNuke 0.6x0.7x - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/18819/info PostNuke is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. An...

PostNuke 0.6x/0.7x - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/18819/info PostNuke is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. An attacker may leverage these issues to have arbitrary script code...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to 1 auth/extauth/drivers/mambo.inc.php or 2 auth/extauth/drivers/postnuke.inc.php...

FreeBSD : postnuke -- multiple vulnerabilities (0274a9f1-0759-11da-bc08-0001020eed82)

Postnuke Security Announcementss reports of the following vulnerabilities : - missing input validation within /modules/Messages/readpmsg.php - possible path disclosure within /user.php - possible path disclosure within /modules/News/article.php - possible remote code injection within...