536 matches found
CVE-2005-0615
Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter...
CVE-2005-0617
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter...
CVE-2005-1050
The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message...
CVE-2005-1049
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750...
CVE-2005-1048
SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750...
CVE-2001-1460
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter...
CVE-2001-1460
CVE-2001-1460 describes a SQL injection in PostNuke 0.62–0.64 that allows remote bypass of authentication via the user parameter in article.php. CVSS: base 7.5 (HIGH); network vector, low complexity, no authentication. Affected products: PostNuke 0.62–0.64. Root cause: insufficient input validati...
postnukeSQL.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah GET...
CVE-2005-1050
CVE-2005-1050 affects PostNuke 0.760-RC3 in the Reviews module’s modload op. The vulnerability allows remote attackers to disclose sensitive information by supplying an invalid id parameter, causing a PHP error message that reveals the path. The NVD entry rates impact as Partial Confidentiality w...
CVE-2005-1048
CVE-2005-1048 relates to a SQL injection in PostNuke 0.760 RC3, where the sid parameter in modules.php can be exploited remotely to run arbitrary SQL statements. The affected software is PostNuke (version 0.760 RC3 as cited; vendor reportedly could not reproduce issues for 0.760 RC3 or 0.750). Th...
CVE-2005-1049
Summary: CVE-2005-1049 describes multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC3 (and related RC4 variants) where an attacker can inject arbitrary HTML/JavaScript via the module parameter to admin.php or the op parameter to user.php. The issue is noted to exist when the ...
Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah GET...
PostNuke < 0.760 RC4 Multiple XSS and SQL Injection Vulnerabilities
Binary data 2808.prm...
PostNuke Phoenix 0.760 RC3 - SID SQL Injection
source: https://www.securityfocus.com/bid/13077/info A remote SQL Injection vulnerability affects PostNuke Phoenix. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An...
PostNuke Phoenix 0.760 RC3 - Module Cross-Site Scripting
source: https://www.securityfocus.com/bid/13076/info A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamical...
PostNuke Phoenix 0.760 RC3 - OP Cross-Site Scripting
source: https://www.securityfocus.com/bid/13075/info A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically...
PostNuke Phoenix 0.760 RC3 - 'SID' SQL Injection
source: https://www.securityfocus.com/bid/13077/info A remote SQL Injection vulnerability affects PostNuke Phoenix. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to manipulate SQL...