54 matches found
PostNuke Module pnEncyclopedia <= 0.2.0 - SQL Injection Vulnerability
No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV90$2008 ----------------------------------------------------------------------------------------- ECHOADV90$2008 PostNuke Module pnEncyclopedia = 0.2.0 id Blind Sql Injection...
Unfixed XSS vulnerability at www.georgiaencyclopedia.org
Security researcher xylitol, has submitted on 28/10/2008 a cross-site-scripting XSS vulnerability affecting www.georgiaencyclopedia.org, which at the time of submission ranked 344719 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/06/2010. I...
CVE-2006-5525
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via 1 "//UNION " or 2 " UNION//" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a...
CVE-2006-5525
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via 1 "//UNION " or 2 " UNION//" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a...
PHP-Nuke SQL注入及绕过SQL注入防护漏洞
PHP-Nuke是一个广为流行的网站创建和管理工具,它可以使用很多数据库软件作为后端,比如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。 PHP-Nuke用于过滤POST输入的代码中存在SQL注入漏洞: == mainfile.php 143-146 ========================== ... if striposclone$postString,'%20union%20' OR \ striposclone$postString,'/union/' OR striposclone$postString,' union ' OR ...
PHP-Nuke <= 7.9 (Encyclopedia) Remote SQL Injection Exploit
? / Neo Security Team - Exploit made by Paisterist on 2006-10-22 http://www.neosecurityteam.net / $host="localhost"; $path="/phpnuke/"; $prefix="nuke"; $port="80"; $fp = fsockopen$host, $port, $errno, $errstr, 30; $data="query=fooaa&eid=foo'//UNION SELECT pwd as title FROM $prefixauthors WHERE...
PHP-Nuke <= 7.9 (Encyclopedia) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications =========================================================== PHP-Nuke = 7.9 Encyclopedia Remote SQL Injection Exploit =========================================================== ? / Neo Security Team - Exploit made by Paisterist on 2006-10-...
PHP-Nuke 7.9 - Encyclopedia SQL Injection
PHP-Nuke 7.9 - Encyclopedia SQL Injection ? / Neo Security Team - Exploit made by Paisterist on 2006-10-22 http://www.neosecurityteam.net / $host="localhost"; $path="/phpnuke/"; $prefix="nuke"; $port="80"; $fp = fsockopen$host, $port, $errno, $errstr, 30; $data="query=fooaa&eid=foo'//UNION SELECT...
PHP-Nuke 7.9 - 'Encyclopedia' SQL Injection
? / Neo Security Team - Exploit made by Paisterist on 2006-10-22 http://www.neosecurityteam.net / $host="localhost"; $path="/phpnuke/"; $prefix="nuke"; $port="80"; $fp = fsockopen$host, $port, $errno, $errstr, 30; $data="query=fooaa&eid=foo'//UNION SELECT pwd as title FROM $prefixauthors WHERE...
Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS
Encyclopedia = 3.0 login.php CrossSite Scripting - XSS by n0m3rcy Copyright c 2006 n0m3rcy [email protected] Exploit: www.site.com/login.php?action=form&username=username&password=223E3Cscript3Ealertdocument.cookies;3C/script3E Shoutz: cijfer , my baby , Dag & myself :PpP Have phun!...
ScanMail file check
This script attempts to read sensitive files used by Trend ScanMail, an anti-virus protection program for Domino formerly Lotus Notes. SPDX-FileCopyrightText: 2004 by DokFLeed Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2004-2293
PHP-Nuke 6.0–7.3 is affected by multiple XSS flaws in the Encyclopedia module (via the eid parameter or the module query), in Reviews module via the preview_review function (parameters: url, cover, rlanguage, hits), and in Reviews via savecomment (uname parameter). Root cause: improper handling o...
[Full-Disclosure] [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]
================================================================================ waraxe-2004-SA032 ================================================================================ Multiple security flaws in PhpNuke 6.x - 7.3...
PHP-Nuke 6.x/7.x Encyclopedia Module - Multiple Function Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple cross-site scripting vulnerabilities...