536 matches found
SQL-Injection in Subjects 2.0 for Postnuke
CRIOLABS - Software: Subjects 2.0 - Type: Postnuke module - Vendor: Postnuke Modules Factory. Software Software: Subjects Postnuke module Version: 2.0 Plataforms: Unix/Win/PHP/MySQL/Postnuke Web: http://home.postnuke.ru Vendor Description Module is designed for structured store & display text...
CVE-2004-1668
Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the 1 pageid, 2 subid, or 3 catid parameters...
subjects2.txt
CRIOLABS - Software: Subjects 2.0 - Type: Postnuke module - Vendor: Postnuke Modules Factory. Software Software: Subjects Postnuke module Version: 2.0 Plataforms: Unix/Win/PHP/MySQL/Postnuke Web: http://home.postnuke.ru Vendor Description Module is designed for structured store & display text...
PostNuke Modules Factory Subjects Module 2.0 - SQL Injection
PostNuke Modules Factory Subjects Module 2.0 - SQL Injection source: https://www.securityfocus.com/bid/11148/info Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize...
PostNuke Modules Factory Subjects Module 2.0 - SQL Injection
source: https://www.securityfocus.com/bid/11148/info Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI parameters. An attacker might exploit this iss...
PostNuke Install Script Admin Password Disclosure
The remote host is running the PostNuke content management system. The installation script of the remote PostNuke CMS install.php is accessible. An attacker may access it to reconfigure the remote PostNuke installation and obtain the password of the remote database and PostNuke installation...
PostNuke Reviews Module title Parameter XSS
The remote host is running a version of PostNuke that contains the 'Reviews' module, which itself is vulnerable to a cross-site scripting issue. An attacker may use this flaw to steal the cookies of the legitimate users of this website. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
ew_file_manager.txt
CIRT-200404: EasyWeb EW FileManager Directory Traversal Remote File Retrieval - 07/23/2004 Product: EasyWeb FileManager Module Description: EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows retrieval of arbitrary files from the remote system...
PostNuke 0.720.75 Reviews Module - Cross-Site Scripting
PostNuke 0.720.75 Reviews Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/10802/info PostNuke is reported prone to a cross-site scripting vulnerability. This issue affects the 'title' parameter of 'Reviews' script. Exploitation of this issue could allow for theft of...
EasyWeb FileManager Directory Traversal
Product: EasyWeb FileManager Module - http://home.postnuke.ru/index.php Description: EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows retrieval of arbitrary files from the remote system. Systems Affected: EasyWeb FileManager 1.0 RC-1 Technical...
PostNuke 0.72/0.75 Reviews Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10802/info PostNuke is reported prone to a cross-site scripting vulnerability. This issue affects the 'title' parameter of 'Reviews' script. Exploitation of this issue could allow for theft of cookie-based authentication credentials. Other attacks are als...
PostNuke 0.7x - Install Script Administrator Password Disclosure
PostNuke 0.7x - Install Script Administrator Password Disclosure source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the...
PostNuke 0.7x - Install Script Administrator Password Disclosure
source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an...
[Full-Disclosure] Multiple vulnerabilities PostNuke
Original Advisory: http://www.swp-zone.org/archivos/advisory-10.txt ------------------------------------------------------------------------------------------------- :.: Multiple vulnerabilities PostNuke :.: PROGRAM: PostNuke HOMEPAGE: http://www.postnuke.com/ VERSION: 0.75-RC3, 0.726-3 BUG:...
waraxe-2004-SA021.txt
================================================================================ waraxe-2004-SA021 ================================================================================ Multiple vulnerabilities in phprofession 2.5 module for PostNuke...
[PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2
--------------------------------------------------------------------------- PostNuke Security Advisory PNSA 2004-2 Mark West http://www.postnuke.com/ April 17th, 2004 For contacts: http://news.postnuke.com/index.php?module=vpContact...
[waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]
================================================================================ waraxe-2004-SA022 ================================================================================ Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2...
waraxe-2004-SA022.txt
================================================================================ waraxe-2004-SA022 ================================================================================ Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2...
[waraxe-2004-SA#021 - Multiple vulnerabilities in phprofession 2.5 module for PostNuke]
================================================================================ waraxe-2004-SA021 ================================================================================ Multiple vulnerabilities in phprofession 2.5 module for PostNuke...
CVE-2004-1956
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the 1 includes/blocks directory, 2 pnadodb directory, 3 NS-NewUser module, 4 NS-YourAccount, 5 NS-LostPassword module, or 6 NS-User module which reveals the path to the web server in a PHP error...