CVE-2004-1956

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the 1 includes/blocks directory, 2 pnadodb directory, 3 NS-NewUser module, 4 NS-YourAccount, 5 NS-LostPassword module, or 6 NS-User module which reveals the path to the web server in a PHP error...

PostNuke Phoenix 0.726 - openwindow.php?hlpfile Cross-Site Scripting

PostNuke Phoenix 0.726 - openwindow.php?hlpfile Cross-Site Scripting source: https://www.securityfocus.com/bid/10191/info Multiple vulnerabilities were reported to exist in PostNuke Phoenix. The following specific vulnerabilities were reported: - Multiple path disclosure vulnerabilities that occu...

[Full-Disclosure] [waraxe-2004-SA#020 - Multiple vulnerabilities in PostNuke 0.726 Phoenix]

================================================================================ waraxe-2004-SA020 ================================================================================ Multiple vulnerabilities in PostNuke 0.726 Phoenix...

[Full-Disclosure] [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection

Products: Postnuke v 0.726 http://www.postnuke.com Date: 15 April 2004 Author: pokleyzz pokleyzzatscan-associates.net Contributors:skatscan-associates.net shaharilatscan-associates.net muniratscan-associates.net URL: http://www.scan-associates.net Summary: Postnuke v 0.726 and below SQL injection...

PostNuke Issues (0.726 && Possibly Older)

Vendor : PostNuke URL : http://www.postnuke.com Version : PostNuke 0.726 Phoenix && Older?? Risk : SQL Injection && XSS Description: Postnuke is a popular Open Source CMS Content Managment System used by millions of people all across the world. SQL Injection: SQL Injection is possible by passing...

PostNuke < 0.726 Phoenix - Multiple Vulnerabilities

PostNuke Multiple Vulnerabilities Vendor: PostNuke Product: PostNuke Version: CODE VLID = Should be the valid id number of a file for download. CODE = Any script or HTML etc. Solution: An update has been released regarding the SQL Injection vulnerability. The XSS vuln however will not be fixed...

PostNuke 0.726 Phoenix - Multiple Vulnerabilities

PostNuke 0.726 Phoenix - Multiple Vulnerabilities PostNuke Multiple Vulnerabilities Vendor: PostNuke Product: PostNuke Version: CODE VLID = Should be the valid id number of a file for download. CODE = Any script or HTML etc. Solution: An update has been released regarding the SQL Injection...

CVE-2003-1537

Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php...

Chatserver - XSS ( push )

PostNuke Downloads & WebLinks ttitle variable XSS ------ Product: PostNuke Vendor: PostNuke WWW.POSTNUKE.COM http://www.POSTNUKE.COM Versions Vulnerable: PostNuke Phoenix 0.7.x.x Phoenix 0.7.2.3 with patches in all versions Phoenix 0.7.2.3 without patches in all versions 0.7.2.1 All prior version...

PostNuke Downloads & Web_Links ttitle variable XSS

PostNuke Downloads & WebLinks ttitle variable XSS ------ Product: PostNuke Vendor: PostNuke WWW.POSTNUKE.COM http://www.POSTNUKE.COM Versions Vulnerable: PostNuke Phoenix 0.7.x.x Phoenix 0.7.2.3 with patches in all versions Phoenix 0.7.2.3 without patches in all versions 0.7.2.1 All prior version...

PostNuke 0.60.7 Downloads Module - TTitle Cross-Site Scripting

PostNuke 0.60.7 Downloads Module - TTitle Cross-Site Scripting source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containi...

PostNuke 0.60.7 web_links Module - TTitle Cross-Site Scripting

PostNuke 0.60.7 weblinks Module - TTitle Cross-Site Scripting source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containin...

PostNuke 0.6/0.7 web_links Module - TTitle Cross-Site Scripting

source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containing malicious script code that could be executed in a browser of...

PostNuke 0.6/0.7 Downloads Module - TTitle Cross-Site Scripting

source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containing malicious script code that could be executed in a browser of...

PostNuke Glossary Module page Parameter SQL Injection

The remote host is running a version of PostNuke which is vulnerable to a SQL injection attack. An attacker may use this flaw to gain the control of the database of this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...

PostNuke < 0.7.2.3 Multiple Script XSS

The remote host is running a version of PostNuke that is vulnerable to various cross-site scripting attacks. An attacker may use these flaws to steal the cookies of the legitimate users of this website. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

PostNuke 0.723 - user.php UNAME Cross-Site Scripting

PostNuke 0.723 - user.php UNAME Cross-Site Scripting source: https://www.securityfocus.com/bid/7901/info The PostNuke 'user.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML...

PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities

PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/7898/info The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of...

PostNuke 0.723 - &#039;user.php&#039; UNAME Cross-Site Scripting

source: https://www.securityfocus.com/bid/7901/info The PostNuke 'user.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visit...

PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/7898/info The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who...