FreeBSD : postnuke -- SQL injection vulnerabilities (f3eec2b5-8cd8-11d9-8066-000a95bc6fae)

Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can use this vulnerability to potentially insert executable PHP code into the content management system to view all files within the PHP scope, for instance. Various other SQ...

FreeBSD : postnuke -- XSS (XSS) vulnerabilities (7e580822-8cd8-11d9-8c81-000a95bc6fae)

A cross-site scripting vulnerability is present in the PostNuke PHP content management system. By passing data injected through exploitable errors in input validation, an attacker can insert code which will run on the machine of anybody viewing the page. It is feasible that this attack could be...

USN-147-1: PHP XMLRPC vulnerability

A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR PHP Extension and Application Repository extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web...

[SA15855] PostNuke XML-RPC Library PHP Code Execution Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

PostNuke <= 0.750 readpmsg.php SQL Injection Exploit

Exploit for unknown platform in category web applications ==================================================== PostNuke 0.750=- -= =- -= Discovered by sp3x =- -= Coded by K-C0d3r =- -= irc.xoned.net x0n3-h4ck to find me K-c0d3ratx0n3-h4ck.org=- Greetz to mZ, 2b TUBE, off, rikky, milw0rm, str0ke !...

PostNuke 0.750 - readpmsg.php SQL Injection

PostNuke 0.750 - readpmsg.php SQL Injection !/usr/bin/perl This tools is only for educational purpose K-C0d3r a x0n3-h4ck friend !!! This exploit should give admin nick and md5 password -= PostNuke SQL Injection version : x= 0.750=- -= =- -= Discovered by sp3x =- -= Coded by K-C0d3r =- -=...

PostNuke &lt;= 0.750 readpmsg.php SQL Injection Exploit

No description provided by source. !/usr/bin/perl This tools is only for educational purpose K-C0d3r a x0n3-h4ck friend !!! This exploit should give admin nick and md5 password -= PostNuke SQL Injection version : x= 0.750=- -= =- -= Discovered by sp3x =- -= Coded by K-C0d3r =- -= irc.xoned.net...

PostNuke 0.750 - &#039;readpmsg.php&#039; SQL Injection

!/usr/bin/perl This tools is only for educational purpose K-C0d3r a x0n3-h4ck friend !!! This exploit should give admin nick and md5 password -= PostNuke SQL Injection version : x= 0.750=- -= =- -= Discovered by sp3x =- -= Coded by K-C0d3r =- -= irc.xoned.net x0n3-h4ck to find me...

CVE-2005-1777

SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter...

CVE-2005-1778

Cross-site scripting XSS vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter...

CVE-2005-1778

CVE-2005-1778 describes a cross-site scripting (XSS) vulnerability in PostNuke 0.750, exploitable via the start parameter in readpmsg.php. The affected component is readpmsg.php within PostNuke, enabling remote attackers to inject arbitrary web script or HTML. The available connected documents co...

CVE-2005-1777

CVE-2005-1777 is a SQL injection flaw in PostNuke 0.750 (readpmsg.php) exploitable via the start parameter to execute arbitrary SQL. Connected sources corroborate the issue and indicate that FreeBSD/VuXML entries and OpenVAS tests flag multiple advisories about PostNuke components, with advisorie...

CVE-2005-1778

Cross-site scripting XSS vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter...

CVE-2005-1777

SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter...

CYBSEC - PHPMailer Infinite Loop Denial of Service

CYBSEC S.A. www.cybsec.com Advisory Name: PHPMailer Infinite Loop Denial of Service ============== Vulnerability Class: Denial of Service ==================== Release Date: 05.27.2005 ============= Affected Applications: ====================== PHPMailer = 1.72 Affected Platforms:...

postnukeInclusion.txt

Product : Postnuke 0.750 http://www.postnuke.com Description: Postnuke 0.750 - 0.760rc4 local file inclusion Severity: High Description =========== Postnuke is Web Content Management System written in PHP and using mysql as database backend. Detail ====== Directory traversal in function pnModFunc...

postnuke -- multiple vulnerabilities

Postnuke Security Announcementss reports of the following vulnerabilities: missing input validation within /modules/Messages/readpmsg.php possible path disclosure within /user.php possible path disclosure within /modules/News/article.php possible remote code injection within /includes/pnMod.php...

CVE-2005-1696

Multiple cross-site scripting XSS vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the 1 skin or 2 paletteid parameter to demo.php in the Xanthia module, or 3 the serverName parameter to config.php in the Multisites aka NS-Multisites...

CVE-2005-1697

The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simplesmarty.php, which reveals the path in an error message...

CVE-2005-1699

Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. dot dot in the skin parameter...