536 matches found
CVE-2005-1700
SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter...
CVE-2005-1698
CVE-2005-1698 affects PostNuke 0.750 and 0.760RC3, enabling remote attackers to obtain sensitive information through direct requests to a set of files across the Xanthia module, pnblocks directory, NS-Multisites module, and xmlrpc.php. The listed targets include theme.php, Xanthia.php, user.php, ...
CVE-2005-1697
The CVE-2005-1697 issue affects PostNuke’s RSS module (versions 0.750 and 0.760 RC2/RC3). A direct request to simple_smarty.php exposes the installation path via an error message, enabling remote disclosure of sensitive information. Exploit details are not provided in the sources; no patch/versio...
CVE-2005-1696
The CVE-2005-1696 entry applies to PostNuke, affecting versions 0.750 and 0.760RC3. It describes multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script/HTML via (1) the skin or (2) the paletteid parameter to demo.php in the Xanthia module, or (3...
CVE-2005-1694
Technical details (affected product/version, root cause, exploit, impact) are not publicly provided in the supplied documents; monitor for updates.
CVE-2005-1695
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php...
CVE-2005-1700
CVE-2005-1700 affects PostNuke 0.760-RC3 via the Xanthia module. The vulnerability is an SQL injection in pnadmin.php exploitable by the riga[0] parameter, allowing remote administrators to execute arbitrary SQL commands. Connected sources corroborate SQL injection in Xanthia/Messages areas and P...
CVE-2005-1699
CVE-2005-1699: A directory traversal vulnerability exists in the Xanthia module’s pnadminapi.php (PostNuke 0.760-RC3). Remote administrators can read arbitrary files by supplying a .. (dot dot) in the skin parameter, enabling partial confidentiality impact. The provided documents do not specify ...
CVE-2005-1695
CVE-2005-1695 affects PostNuke RSS module (versions 0.750, 0.760RC2/RC3). The vulnerability is described as multiple cross-site scripting (XSS) flaws allowing remote injection of script/HTML via parameters: rss_url in magpie_slashbox.php and url in magpie_simple.php/magpie_debug.php. Connected Op...
CVE-2005-1694
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter...
CVE-2005-1698
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks...
CVE-2005-1697
The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message...
CVE-2005-1696
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites)...
CVE-2005-1699
Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter...
PT-2005-2672 · Postnuke · Postnuke
Name of the Vulnerable Software and Affected Versions: PostNuke versions 0.750 through 0.760RC3. Description: The issue allows remote attackers to obtain sensitive information via a direct request to "simple_smarty.php", which reveals the path in an error message. Recommendations: For PostNuke...
[SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3}
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke XSS 0.760{RC2,RC3} cXIb8O3.6 Author: Maksymilian Arciemowicz cXIb8O3 Date: 4.3.2005 from SECURITYREASON.COM --- 0.Description --- PostNuke: The Phoenix Release 0.750 PostNuke is an open source, open development content management system (CMS)...