536 matches found
PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion
The installation of PostNuke on the remote host includes a version of the PNphpBB2 module that fails to sanitize input to the 'phpbb_root_path' parameter of the 'includes/functions_admin.php' script before using it in a PHP 'include_once' function. Provided PHP's 'register_globals' setting is enabled,...
PostNuke < 0.762 Multiple Vulnerabilities
The installed version of PostNuke allows an unauthenticated attacker to gain administrative access to select modules through a simple GET request. Additionally, it may be prone to various SQL injection or cross-site scripting attacks as well as unspecified attacks through the Languages...
PostNuke 0.6x/0.7x NS-Languages Module - language Cross-Site Scripting
PostNuke 0.6x/0.7x NS-Languages Module - language Cross-Site Scripting source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful...
PostNuke 0.6x/0.7x NS-Languages Module - language SQL Injection
PostNuke 0.6x/0.7x NS-Languages Module - language SQL Injection source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation...
[SA18937] PostNuke Multiple Vulnerabilities
TITLE: PostNuke Multiple Vulnerabilities SECUNIA ADVISORY ID: SA18937 VERIFY ADVISORY: http://secunia.com/advisories/18937/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: PostNuke 0.x http://secunia.com/product/350/...
PostNuke 0.6x/0.7x NS-Languages Module - 'language' SQL Injection
source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation could allow an attacker to compromise the application, access or...
PostNuke 0.6x/0.7x NS-Languages Module - 'language' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation could allow an attacker to compromise the application, access or...
Cross-site scripting
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput...
SQL injection
SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation...
CVE-2006-0802
Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation...
CVE-2006-0800
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput...
CVE-2006-0801
SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php...
CVE-2006-0801
The CVE-2006-0801 entry describes a SQL injection vulnerability in the NS-Languages module of PostNuke 0.761 and earlier. When magic_quotes_gpc is disabled, an attacker can trigger arbitrary SQL commands by supplying the language parameter to admin.php, potentially affecting authentication/operat...
CVE-2006-0802
CVE-2006-0802 is an XSS flaw in the NS-Languages module of PostNuke 0.761 and earlier, exploitable when magic_quotes_gpc is enabled. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the language parameter during a missing or translation operation. Multiple conn...
CVE-2006-0800
CVE-2006-0800 affects PostNuke 0.761 and earlier. An interpretation conflict allows remote attackers to perform cross-site scripting (XSS) via HTML tags with a trailing "" while bypassing blacklist protections in pnVarCleanFromInput (pnAPI.php), pnSecureInput (pnAntiCracker.php), and the htmltext...
Ubuntu 4.10 / 5.04 : php4, php4-universe vulnerability (USN-147-1)
A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR (PHP Extension and Application Repository) extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web...