12 matches found
EUVD-2008-4077
Malware in sbrugna...
EUVD-2008-4074
Malware in sbrugna...
EUVD-2002-1892
Malware in sbrugna...
CVE-2002-1913
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable...
MyPHPNuke188.txt
--Security Report-- Advisory: MyPHPNuke http://site/reviews.php?op=reviews&letter=XSS EXAMPLE - http://site/reviews.php?op=reviews&letter=alert'X'; GET - http://site/download.php?sortby=&dcategory=XSS&sortby= EXAMPLE - http://site/download.php?sortby=&dcategory=alert'X'; -- Timeline: 24/02/2006:...
CVE-2003-1372
Cross-site scripting XSS vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the 1 ratenum or 2 query parameters...
myPHPNuke 1.8.8 - auth.inc.php SQL Injection
myPHPNuke 1.8.8 - auth.inc.php SQL Injection source: https://www.securityfocus.com/bid/8663/info It has been reported that myPHPNuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue may exist in the...
myPHPNuke My_eGallery gallery/displayCategory.php basepath Parameter Remote File Inclusion
The remote web server appears to be running myPHPNuke. The installed version is affected by a remote file include vulnerability in the 'gallery/displayCategory.php' script. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web...
myPHPNuke phptonuke.php filnavn Parameter Traversal Arbitrary File Access
The version of myPHPNuke installed on the remote host allows anyone to read arbitrary files by passing the full filename to the 'filnavn' argument of the 'phptonuke.php' script. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Status: it was not tested against a vulnerable host, and the...
myPHPNuke 1.8.8 - links.php Cross-Site Scripting
myPHPNuke 1.8.8 - links.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6892/info Reportedly, myPHPNuke 'links.php' does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link...
phpmynuke css and phpinfo() vuls
myphpnuke version 1.8.8final7 and prior that contain sysinfo are vulnerable to both css attack and phpinfo Disclosure. The problem is that unlike the rest of the scripts under /admin/, sysinfo's footer script called systemfooter.php does not check who the user is. Inside systemfooter.php the...
myPHPNuke 1.8.8 - Default_Theme Cross-Site Scripting
myPHPNuke 1.8.8 - DefaultTheme Cross-Site Scripting source: https://www.securityfocus.com/bid/6544/info Reportedly, myPHPNuke does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing scrip...