5 matches found
EUVD-2004-1923
Malware in sbrugna...
PHP-Nuke 6.x/7.x CookieDecode Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10128/info Reportedly PHP-NuKe is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the 'cookiedecode' function to properly sanitize user supplied cookie parameters. These issues coul...
CVE-2004-1930
Cross-site scripting XSS vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie...
CVE-2001-0001
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie...
CVE-2001-0001
PHP-Nuke 4.4 is affected by an authentication bypass via the cookiedecode flow. A crafted cookie (base64-encoded string split by colon) is decoded to populate $cookie[0] and other variables, allowing an attacker to manipulate the SQL in updates to impersonate other users and view or modify their ...