PostNuke 0.750.76 DL - viewdownload.php SQL Injection

PostNuke 0.750.76 DL - viewdownload.php SQL Injection source: https://www.securityfocus.com/bid/14636/info PostNuke is prone to an SQL injection vulnerability. This issue is due to a lack of sufficient sanitization of user-supplied input. Successful exploitation could result in a compromise of th...

PostNuke 0.76 RC4b - 'user.php?htmltext' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. This can lead to theft of cookie-based authentication credentials, as well as oth...

PostNuke 0.75/0.76 DL - 'viewdownload.php' SQL Injection

source: https://www.securityfocus.com/bid/14636/info PostNuke is prone to an SQL injection vulnerability. This issue is due to a lack of sufficient sanitization of user-supplied input. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or...

PostNuke 0.76 RC4b Comments Module - 'moderate' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. This can lead to theft of cookie-based authentication credentials, as well as oth...

CVE-2005-2596

User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries...

CVE-2005-2596

CVE-2005-2596 concerns a programming error in the Gallery component used with Postnuke that allows any user with Admin privileges to access all galleries. Open-source advisories and Debian security notes describe a remote-attack surface stemming from a bug in the gallery code that grants full gal...

CVE-2005-2596

User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries...

postnuke0760rc3.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke XSS and Full path disclosure 0.760RC3=x cXIb8O3.7 Author: Maksymilian Arciemowicz cXIb8O3 Date: 15.3.2005 from SECURITYREASON.COM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760RC3 PostNuke is an open source, open...

postnuke0750.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.750=x cXIb8O3.5 Author: cXIb8O3 Date: 2.3.2005 from SecurityReason.Com - --- 0.Description --- PostNuke: The Phoenix Release 0.750 PostNuke is an open source, open developement content management system CMS. PostNuke started a...

postnukeSQL0760rc3.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Non Critical SQL Injection and Include 0.760-RC3=x cXIb8O3.10 Author: cXIb8O3Maksymilian Arciemowicz Date: 2.4.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.760-RC3=X PostNuke is an open source, ope...

PostNuke0750.txt

-= Critical SQL injection and XSS in PostNuke =- Author: sp3x Date: 27. May 2005 Affected software : =================== PostNuke version : x= 0.750 Description : ============= PostNuke is an open source, open developement content management system CMS. PostNuke started as a fork from PHPNuke...

Gallery PostNuke Integration Access Validation Privilege Escalation

The remote host is running Gallery, a web-based photo album. According to its banner, the version of Gallery installed on the remote host is subject to an access validation issue when integrated with PostNuke, as is the case on the remote host. The issue means that any user with any level of admi...

[SA16389] Gallery PostNuke Integration Security Issue

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

SUSE-SA:2005:041: php/pear XML::RPC

The remote host is missing the patch for the advisory SUSE-SA:2005:041 php/pear XML::RPC. A bug in the PEAR::XMLRPC library allowed remote attackers to pass arbitrary PHP code to the eval function. The updated php packages fix the XML::RPC bug, however several third party PHP packages include a...

CVE-2002-2015

PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter...

CVE-2001-1521

Cross-site scripting XSS vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter...

CVE-2002-1996

Technical details about CVE-2002-1996 are not publicly provided in the supplied documents; no concrete fix, affected products, or exploit information is included. Monitor for updates.

CVE-2001-1521

CVE-2001-1521 is an XSS vulnerability in PostNuke 0.64, specifically in the file/user component user.php , where the uname parameter can be exploited to inject arbitrary web script or HTML. The public records identify the affected software as PostNuke 0.64 and the vulnerability as a cross-site sc...

CVE-2002-1996

Cross-site scripting XSS vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 name parameter in modules.php and 2 catid parameter in index.php...

CVE-2002-2015

The CVE-2002-2015 entry concerns PostNuke 0.703, where PHP file inclusion in user.php can be triggered through the caselist parameter to include arbitrary files and potentially execute code. The root cause is a file inclusion weakness allowing remote attackers to supply a path to arbitrary files....