
376 matches found

CVE
added 2005/05/10 4:0 a.m., 39 views

CVE-2004-2031

The CVE-2004-2031 entry concerns the e107 CMS: a Cross-site Scripting (XSS) vulnerability in the file user.php that allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. The recorded impact is partial integrity compromise with no confidentiali...

4.3 CVSS, 6 AI score, 0.00565 EPSS
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2005/05/02 4:0 a.m., 10 views

CVE-2005-1049

Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750...

2.6 CVSS, 6.1 AI score, 0.13244 EPSS
Exploits: 1, References: 10
Tenable Nessus
added 2005/04/08 12:0 a.m., 15 views

PostNuke < 0.760 RC4 Multiple XSS and SQL Injection Vulnerabilities

Binary data 2808.prm...

7.5 CVSS, 7.3 AI score, 0.13244 EPSS
Exploits: 1, References: 12
UbuntuCve
added 2005/03/30 5:0 a.m., 15 views

CVE-2005-0474

SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie...

6.4 CVSS, 6.2 AI score, 0.00561 EPSS
Exploits: 1, References: 1
NVD
added 2005/03/30 5:0 a.m., 9 views

CVE-2005-0474

SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie...

6.4 CVSS, 8.3 AI score, 0.00561 EPSS
Exploits: 1, References: 6
CVE
added 2005/02/19 5:0 a.m., 42 views

CVE-2005-0474

CVE-2005-0474 is a SQL injection vulnerability in WebCalendar 0.9.45. The issue affects the user_valid_crypt function in user.php, allowing remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie. Multiple sources (NVD/NVDCV, CVE lists, and Nessus/NASL feeds) ...

6.4 CVSS, 8.4 AI score, 0.00561 EPSS
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2004/05/21 4:0 a.m., 8 views

CVE-2004-2031

Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields...

4.3 CVSS, 5.7 AI score, 0.00565 EPSS
Exploits: 1, References: 5
exploitpack
added 2004/04/14 12:0 a.m., 16 views

phpBugTracker 0.9.1 - Multiple Vulnerabilities

phpBugTracker 0.9.1 - Multiple Vulnerabilities phpBugTracke Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracke Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear...

0.5 AI score
Exploits: 0
Exploit DB
added 2003/06/13 12:0 a.m., 35 views

PostNuke 0.723 - 'user.php' UNAME Cross-Site Scripting

source: https://www.securityfocus.com/bid/7901/info The PostNuke 'user.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visit...

7.4 AI score
Exploits: 0
exploitpack
added 2003/06/13 12:0 a.m., 19 views

PostNuke 0.723 - user.php UNAME Cross-Site Scripting

PostNuke 0.723 - user.php UNAME Cross-Site Scripting source: https://www.securityfocus.com/bid/7901/info The PostNuke 'user.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML...

6.8 AI score
Exploits: 0
Exploit DB
added 2002/03/28 12:0 a.m., 22 views

PostNuke 0.703 - caselist Arbitrary Module Include

source: https://www.securityfocus.com/bid/4381/info PostNuke is a content management system originally forked from the PHP-Nuke project. It is implemented in PHP, and available for Windows, Linux and other Unix based systems. A vulnerability has been reported in some versions of PostNuke...

7 AI score
Exploits: 0
securityvulns
added 2002/03/28 12:0 a.m., 30 views

postnuke v 0.7.0.3 remote command execution

PostNuke is one of the popular content management systems written in PHP. There is a bug in file user.php line 107 where a user can append the $caselist array with their own value. foreach ($caselist as $k=>$v) $ModName = $v['module']; include "$vpath/$k"; $caselist = array();...

0.4 AI score
Exploits: 0
NVD
added 2001/12/31 5:0 a.m., 8 views

CVE-2001-1521

Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter...

2.6 CVSS, 5.7 AI score, 0.00346 EPSS
Exploits: 0, References: 4
Exploit DB
added 2001/12/03 12:0 a.m., 33 views

PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'user.php?uname' Cross-Site Scripting

source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page, 'user.php', which contains malicious script code. When the link is clicked by...

7.4 AI score
Exploits: 0
exploitpack
added 2001/12/03 12:0 a.m., 23 views

PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - user.php?uname Cross-Site Scripting

PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - user.php?uname Cross-Site Scripting source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page,...

6.8 AI score
Exploits: 0
securityvulns
added 2000/11/13 12:0 a.m., 48 views

All PHP-Nuke versions affected!!!

Hi! Recently the "fixed" version of the user.php script was released. The vulnerability was reported in the article which can be read in http://www.phpnuke.org/article.php?sid=251. This new version though still allows any registered user to alter the password and other personal details of other...

0.2 AI score
Exploits: 0