536 matches found
PostNuke < 0.760 RC4 Multiple Script XSS
The version of PostNuke installed on the remote host fails to properly sanitize user input through the 'op' parameter of the 'user.php' script and the 'module' parameter of the 'admin.php' script before using it in dynamically-generated content. An attacker can exploit this flaw to inject arbitra...
PostNuke Phoenix 0.760 RC3 - OP Cross-Site Scripting
PostNuke Phoenix 0.760 RC3 - OP Cross-Site Scripting source: https://www.securityfocus.com/bid/13075/info A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically...
CVE-2005-0615
Multiple SQL injection vulnerabilities in 1 index.php, 2 modules.php, or 3 admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter...
CVE-2005-0615
PostNuke 0.760-RC2 is affected by multiple SQL injection vulnerabilities in index.php, modules.php, and admin.php via the catid parameter, enabling remote attackers to execute arbitrary SQL. The CVE entry CVE-2005-0615 maps to these flaws. OpenVAS/Nessus entries corroborate multiple SQL injection...
CVE-2005-0617
CVE-2005-0617 describes an SQL injection vulnerability in PostNuke versions 0.750 and 0.760-RC2 that allows remote attackers to execute arbitrary SQL commands via the show parameter in dl-search.php. The issue is confirmed by the NVD entry and related OpenVAS/Nessus advisories referencing PostNuk...
CVE-2005-0616
Multiple cross-site scripting XSS vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the 1 Program name, 2 File link, 3 Author name 4 Author e-mail address, 5 File size, 6 Version, or 7 Home page variables...
CVE-2005-0617
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter...
CVE-2005-0616
CVE-2005-0616 describes cross-site scripting (XSS) in the PostNuke Download module for versions 0.750 and 0.760-RC2. The vulnerability affects the Download module’s handling of several input fields (Program name, File link, Author name, Author e‑mail, File size, Version, Home page), enabling remo...
mixedSQL.txt
Postnuke all versions + pnphpbb =1.2 sql injection - jocanor Author: Jocanor Date: 01-03-2k5 1. -----------introduction--------. Postnuke is an open source CMS content management system, originally based in php-nuke. www.postnuke.com pnphpbb is a module for postnuke based in popular forum system...
PostNuke < 0.760 RC3 Multiple Vulnerabilities
Binary data 2662.prm...
[SA14433] PostNuke Multiple Vulnerabilities
---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...
[SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Critical SQL Injection 0.760-RC2=x cXIb8O3.1 Author: cXIb8O3Maksymilian Arciemowicz Date: 15.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.760-RC2=x PostNuke is an open source, open developement...
postnukeSQL0760.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Critical SQL Injection 0.760-RC2=x cXIb8O3.1 Author: cXIb8O3Maksymilian Arciemowicz Date: 15.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.760-RC2=x PostNuke is an open source, open developement...
[SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Critical XSS 0.760-RC2=x cXIb8O3.2 Author: cXIb8O3Maksymilian Arciemowicz Date: 19.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...
[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...
postnukeSQL0760-2.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...
[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...
[ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ]
Postnuke all versions + pnphpbb =1.2 sql injection - jocanor Author: Jocanor Date: 01-03-2k5 1. -----------introduction--------. Postnuke is an open source CMS content management system, originally based in php-nuke. www.postnuke.com pnphpbb is a module for postnuke based in popular forum system...
postnukeXSS.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Critical XSS 0.760-RC2=x cXIb8O3.2 Author: cXIb8O3Maksymilian Arciemowicz Date: 19.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...
PostNuke <= 0.760 RC2 Multiple Vulnerabilities
The remote host is running PostNuke version 0.760 RC2 or older. These versions suffer from several vulnerabilities, among them : - SQL injection vulnerability in the News, NS-Polls and NS-AddStory modules. - SQL injection vulnerability in the Downloads module. - Cross-site scripting vulnerabiliti...