536 matches found
CVE-2005-0616
Multiple cross-site scripting XSS vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the 1 Program name, 2 File link, 3 Author name 4 Author e-mail address, 5 File size, 6 Version, or 7 Home page variables...
PostNuke Phoenix 0.7x - SHOW SQL Injection
PostNuke Phoenix 0.7x - SHOW SQL Injection source: https://www.securityfocus.com/bid/12684/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. It is reported that issue presents itself when malicious...
PostNuke Phoenix 0.7x - CATID SQL Injection
PostNuke Phoenix 0.7x - CATID SQL Injection source: https://www.securityfocus.com/bid/12683/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. It is reported that issue presents itself when maliciou...
PostNuke Phoenix 0.7x - 'SHOW' SQL Injection
source: https://www.securityfocus.com/bid/12684/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. It is reported that issue presents itself when malicious SQL syntax is issued to the application...
PostNuke Phoenix 0.7x - 'CATID' SQL Injection
source: https://www.securityfocus.com/bid/12683/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. It is reported that issue presents itself when malicious SQL syntax is issued to the application...
postnuke -- cross-site scripting (XSS) vulnerabilities
A cross-site scripting vulnerability is present in the PostNuke PHP content management system. By passing data injected through exploitable errors in input validation, an attacker can insert code which will run on the machine of anybody viewing the page. It is feasible that this attack could be...
postnuke -- SQL injection vulnerabilities
Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can use this vulnerability to potentially insert executable PHP code into the content management system to view all files within the PHP scope, for instance. Various other SQ...
CVE-2004-1668
CVE-2004-1668 centers on the Subjects 2.0 Postnuke module, where multiple SQL injection vulnerabilities exist in index.php. The underlying issue is input validation for the (1) pageid, (2) subid, and (3) catid parameters, allowing remote arbitrary SQL execution. Impact is noted as partial confide...
PostNuke PostWrap Module Remote Exploit
Exploit for unknown platform in category web applications ======================================= PostNuke PostWrap Module Remote Exploit ======================================= ".,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,.." ".,--,. -.,--,." ".,--,. ALBANIA SECURITY CLAN -.,--,." ".,--...
PostNuke PostWrap Module - Remote File Inclusion Code Execution
PostNuke PostWrap Module - Remote File Inclusion Code Execution ".,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,.." ".,--,. -.,--,." ".,--,. ALBANIA SECURITY CLAN -.,--,." ".,--,. -.,--,." ".,--,. ...::www.albanianhaxorz.org::... -.,--,." ".,--,.- -.,--,." ".,--,.- PROUD TO BE ALBANIAN...
PostNuke PostWrap Module Remote Exploit
No description provided by source. ".,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,.." ".,--,. -.,--,." ".,--,. ALBANIA SECURITY CLAN -.,--,." ".,--,. -.,--,." ".,--,. ...::www.albanianhaxorz.org::... -.,--,." ".,--,.- -.,--,." ".,--,.- PROUD TO BE ALBANIAN -.,--,." ".,--,. -.,--,." ".,--,...
PostNuke PostWrap Module - Remote File Inclusion / Code Execution
".,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,.." ".,--,. -.,--,." ".,--,. ALBANIA SECURITY CLAN -.,--,." ".,--,. -.,--,." ".,--,. ...::www.albanianhaxorz.org::... -.,--,." ".,--,.- -.,--,." ".,--,.- PROUD TO BE ALBANIAN -.,--,." ".,--,. -.,--,." ".,--,. Copyright c 2005 ASC...
CVE-2004-2751
SQL injection vulnerability in the memberslist module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter...
CVE-2004-1949
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via 1 the sif parameter to index.php in the Comments module or 2 timezoneoffset parameter to changeinfo.php in the YourAccount module...
CVE-2004-2752
Cross-site scripting XSS vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action...
PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access
The remote host is running a version of the pnTresMailer PostNuke module which is vulnerable to a directory traversal attack. An attacker may use this flaw to read arbitrary files on the remote web server, with the privileges of the web server process. %NASLMINLEVEL 70300 C Tenable Network...
PostNuke Detection
The remote host is running PostNuke, a content manager system written in PHP. Development of Postnuke stopped in 2008. Security flaws will not be patched. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid15721; scriptversion"1.15";...
PostNuke Trojaned Distribution
The remote host seems to be running a copy of a trojaned version of the 'PostNuke' content management system. PostNuke is a content management system in PHP whose main website has been compromised between the 24th and 26th of October 2004. An attacker modified some of the source code of the tool ...
Multiple Full Disclosure Path in postnuke 0.750 phoenix
CODEBUG Labs Advisory 6 Title: Multiple Full Disclosure Path in postnuke 0.750 phoenix Author: FAiN182 - [email protected] Product: Postnuke 0.750 Phoenix Type: Full disclosure path Web: http://www.mantralab.org Personal Site: http://fain182.altervista.org --- the product Postnuke is a CMS...
PostNuke News Module article.php sid Parameter XSS
The remote host is running a version of PostNuke which contains the 'News' module which itself is vulnerable to a cross-site scripting issue. An attacker may use these flaws to steal the cookies of the legitimate users of this website. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...