PostNuke Rating System DoS
The remote host is running PostNuke. PostNuke Phoenix 0.721, 0.722 and 0.723 allow a remote attacker to cause a denial of service to legitimate users by submitting a string to its rating system. (C) Tenable Network Security, Inc. Note: Based on the proof of concept example, NOT...
Postnuke: path disclosure (0.7.2.3 and prior)
Intro. What is PostNuke? PostNuke is a weblog/Content Management System (CMS). It is far more secure and stable than competing products. Home Page: http://www.postnuke.com A vulnerability has been found in Postnuke v0.7.2.3-Phoenix & prior which allows users to determine the physical path of th...
PostNuke Sections Module Information Disclosure
The remote host is running PostNuke. It is possible to use the CMS to determine the full path to its installation on the server or the name of the database used, by making a request like: /modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid= An attacker may use these flaws to ga...
PostNuke Phoenix 0.72x - Rating System Denial of Service
source: https://www.securityfocus.com/bid/7702/info some submissions to the rating system. Because of this, a remote attacker may be able to submit a string that causes a denial of service to legitimate users...
PostNuke 0.72x Phoenix Glossary Module - SQL Injection
source: https://www.securityfocus.com/bid/7697/info A vulnerability has been discovered in PostNuke Phoenix v0.723 and earlier. Specifically, the Glossary module fails to sufficiently sanitize user-supplied input, making it prone to SQL...
PostNuke 0.72x Phoenix Glossary Module - SQL Injection
source: https://www.securityfocus.com/bid/7697/info A vulnerability has been discovered in PostNuke Phoenix v0.723 and earlier. Specifically, the Glossary module fails to sufficiently sanitize user-supplied input, making it prone to SQL injection attacks. Exploitation may allow for modification o...
PostNuke Phoenix 0.72x - Rating System Denial of Service
source: https://www.securityfocus.com/bid/7702/info some submissions to the rating system. Because of this, a remote attacker may be able to submit a string that causes a denial of service to legitimate users...
PostNuke Sensitive Information Disclosure
Title: PostNuke path disclosure, and... db name. Version: 0.7.2.3-Phoenix other Problem: A vulnerability has been found in Postnuke v0.7.2.3-Phoenix which allows users to determine the physical path of this cms. This vulnerability would allow a remote user to determine the full path to the web ro...
PostNuke Members_List Module Information Disclosure
The remote host is running PostNuke. It is possible to use the CMS to determine the full path to its installation on the server or the name of the database used, by making a request like: /modules.php?op=modload&name=MembersList&file=index&letter=All&sortby=foobar An attacker may use these flaws ...
postnuke723.txt
Products: Postnuke v 0.723 http://www.postnuke.com Date: 09 March 2003 Author: pokleyzz Contributors: skatscan-associates.net shaharilatscan-associates.net muniratscan-associates.net URL: http://www.scan-associates.net Summary: Postnuke v 0.723 SQL injection and directory traversing Description...
CVE-2002-1996
Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php...
CVE-2002-2015
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter...
XSS in Postnuke Rogue release (0.72)
Program: Postnuke Rogue release 0.72 Latest. HomePage: www.Postnuke.com/.org Description: PostNuke is a weblog/Content Management System (CMS). Whilst PostNuke is a fork of PHP-Nuke, the entire core of the product has been replaced, making it far more secure and stable, and able to work in...
The Books Module for the PostNuke CMS XSS Vulnerability
Class: Input Validation Error Risk: Due to the simplicity of the attack and the number of sites that run module books the risk is classified as Medium to High. URL: Http://pn-mod-books.sourceforge.net -...
Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5882/info Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The...
PHP-Nuke x.x AND PostNuke SQL Injection
Hello again, just to say that PostNuke fork of PHP-Nuke is vulnerable to the same bugs AND it is possible to inject different SQL code in order to do other "funny" but "dangerous" things. Note to the guys of those projects: Filter those URL entries!!! Cheers, Pedro Inacio...
PostNuke does not adequately validate user input, thereby allowing a malicious user to bypass user authentication via SQL injection
Overview PostNuke does not adequately filter user input, allowing arbitrary MySQL query execution and user authentication without password. Description PostNuke is a web content management system based on PHPNuke, written in PHP. The article.php component of PostNuke versions 0.62, 0.63, and 06.4...
PostNuke 0.72 - modules.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/5809/info A cross site scripting vulnerability has been reported for PostNuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and...
PostNuke 0.72 - 'modules.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/5809/info A cross site scripting vulnerability has been reported for PostNuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the...
CVE-2002-1070
Technical details (affected product/version, root cause, impact, fixes) are not publicly provided in the supplied connected documents. Monitor for updates.