XSS and SQL Injection vulnerabilities in myPHPNuke

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и SQL Injection уязвимостях в системе myPHPNuke. XSS: http://site/print.php?sid=3CBODY20onload=alertdocument.cookie3E SQL Injection:...

myPHPNuke 1.8.8_8rc2 - Cross-Site Scripting SQL Injection

myPHPNuke 1.8.88rc2 - Cross-Site Scripting SQL Injection Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke By MustLive http://websecurity.com.ua Detailed information: http://websecurity.com.ua/2391/ Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in...

myPHPNuke < 1.8.8_8rc2 (XSS/SQL) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ================================================================ myPHPNuke 1.8.88rc2 XSS/SQL Multiple Remote Vulnerabilities ================================================================ Cross-Site Scripting and SQL Injection...

myPHPNuke &lt; 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection

Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke By MustLive http://websecurity.com.ua Detailed information: http://websecurity.com.ua/2391/ Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in print.php in myPHPNuke. XSS:...

myphpnuke-sqlxss.txt

Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke By MustLive http://websecurity.com.ua Detailed information: http://websecurity.com.ua/2391/ Description: There are Cross-Site Scripting and SQL Injection vulnerabilities in print.php in myPHPNuke. XSS:...

Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. myPHPNuke: crossite scripting, automation protection bypass...

Vulnerabilities in myPHPNuke

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Insufficient Anti-automation и Cross-Site Scripting уязвимостях в myPHPNuke. Insufficient Anti-Automation: Уязвимость на http://site/user.php?op=register. http://websecurity.com.ua/uploads/2008/myPHPNuke20Insuficient20Anti-automation.html XSS:...

CVE-2003-1372

Cross-site scripting XSS vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the 1 ratenum or 2 query parameters...

CVE-2003-1372

CVE-2003-1372 is an XSS vulnerability affecting myPHPNuke 1.8.8 (and possibly earlier) in the links.php script. The issue allows remote attackers to inject arbitrary HTML and client-side scripts via the (1) ratenum or (2) query parameters, enabling cross-site scripting. The available connected so...

CVE-2006-6795

The CVE describes a PHP remote file inclusion in the My_eGallery 2.5.6 module of myPHPNuke, specifically in gallery/displayCategory.php. The vulnerability allows an attacker to cause arbitrary PHP code execution by supplying a URL in the basepath parameter. This is a server-side RFI risk that cou...

myphpNuke Module My_eGallery 2.5.6 (basepath) RFI Vulnerability

No description provided by source. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- myPHPNuke Gallery Module basepath Remote File Include =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Found: Cyber-Security.Org...

myPHPNuke Module My_eGallery 2.5.6 - basepath Remote File Inclusion

myPHPNuke Module MyeGallery 2.5.6 - basepath Remote File Inclusion =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- myPHPNuke Gallery Module basepath Remote File Include =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...

CVE-2006-0923

Multiple cross-site scripting XSS vulnerabilities in MyPHPNuke MPN 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the letter parameter in reviews.php and 2 the dcategory parameter in download.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in MyPHPNuke MPN 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the letter parameter in reviews.php and 2 the dcategory parameter in download.php...

CVE-2006-0923

CVE-2006-0923 affects MyPHPNuke (MPN) up to version 1.88 and earlier. The vulnerability surfaces as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download....

CVE-2006-0923

Multiple cross-site scripting XSS vulnerabilities in MyPHPNuke MPN 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the letter parameter in reviews.php and 2 the dcategory parameter in download.php...

[SA19052] MyPHPNuke Cross-Site Scripting Vulnerabilities

TITLE: MyPHPNuke Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA19052 VERIFY ADVISORY: http://secunia.com/advisories/19052/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: myPHPNuke 1.x http://secunia.com/product/1119/ DESCRIPTION: Mustafa Can Bjorn...

myPHPNuke 1.8.8 - download.php Cross-Site Scripting

myPHPNuke 1.8.8 - download.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage the...

myPHPNuke 1.8.8 - reviews.php Cross-Site Scripting

myPHPNuke 1.8.8 - reviews.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...

myPHPNuke 1.8.8 - &#039;download.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...