34 matches found
CVE-2007-1449
CVE-2007-1449 affects PHP-Nuke 8.0 and earlier. A directory-traversal flaw in mainfile.php allows remote attackers to read arbitrary files by supplying ".." in the lang parameter, enabling partial confidentiality impact. Root cause: insufficient input validation in the lang parameter. The connect...
CVE-2006-6756
The vulnerability concerns Ixprim 1.2. The code function in install.fct.php generates a guessable value for the confidential IXP_CODE stored in mainfile.php, which could allow remote attackers to brute-force access to the administration panel. The available documentation links this to a remote-ex...
Ixprim CMS 1.2 - Blind SQL Injection
#!/usr/bin/perl INFORMATIONS ============ Affected.scr..: Ixprim 1.2 Poc.ID........: 16061221 Type..........: Blind SQL Injection Risk.level....: Medium Conditions....: loadfile privilege ixp code only Src.download..: www.ixprim-cms.org Poc.link......: acid-root.new.fr/poc/16061221.txt...
CVE-2006-5525
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a...
PHP-Nuke <= 7.9 (Encyclopedia) Remote SQL Injection Exploit
? / Neo Security Team - Exploit made by Paisterist on 2006-10-22 http://www.neosecurityteam.net / $host="localhost"; $path="/phpnuke/"; $prefix="nuke"; $port="80"; $fp = fsockopen$host, $port, $errno, $errstr, 30; $data="query=fooaa&eid=foo'//UNION SELECT pwd as title FROM $prefixauthors WHERE...
PHP-Nuke 7.9 - 'Encyclopedia' SQL Injection
? / Neo Security Team - Exploit made by Paisterist on 2006-10-22 http://www.neosecurityteam.net / $host="localhost"; $path="/phpnuke/"; $prefix="nuke"; $port="80"; $fp = fsockopen$host, $port, $errno, $errstr, 30; $data="query=fooaa&eid=foo'//UNION SELECT pwd as title FROM $prefixauthors WHERE...
A-Blog.txt
A-Blog Remote File Include BuG FounD by Drago84 Application Affect:A-Blog Source Code: http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download Problem: Soluction: Include in page require "mainfile.php"; Page Vulnerable : menu.php Dir : /navigate/ Exempe Of ExPloit is:...
A-Blog 2.0 - menu.php Remote File Inclusion
A-Blog 2.0 - menu.php Remote File Inclusion ToXiC A-Blog Remote File Include BuG FounD by Drago84 Application Affect:A-Blog Source Code: http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download Problem: Soluction: Include in page require "mainfile.php"; Page Vulnerable : menu.php Dir :...
CVE-2006-2516
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as...
PHP-Nuke 7.8 - 'Mainfile.php' SQL Injection
source: https://www.securityfocus.com/bid/16831/info PHP-Nuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the...
CVE-2003-0559
The CVE-2003-0559 entry describes a remote PHP code execution vulnerability in phpforum 2 RC-1 (and possibly earlier) where an attacker can set MAIN_PATH to reference a URL containing PHP code on a remote server. This affects phpforum’s mainfile.php; exploitation would allow arbitrary code execut...
PHP-Include-Hack-Possibility in phpforum 2 RC-1
www.bright-shadows.net theblacksheep&erik...
PHP-Nuke code injection in Yearly Stats at Statistics module
------- Product: PHP-Nuke Vendor: Francisco Burci Versions Vulnerable: 6.0 without patches , 6.0 with index.php and mainfile.php patches. 5.5 with patches all resting script tags No vulnerable: 6.0 with mainfile.php patch for block url tags inclusions not all . 5.5 with script tags but with the...
3 phpnuke bugs (2 possibly lead to admin privs)
phpnuke www.phpnuke.org is an opensource webpage portal powers many websites on the net. Version 5.x of phpnuke does not properly check some variables, and is vulnerable to an attack that gives an intruder admin privileges. This is only possible if the intruder knows the database name that phpnuk...