90 matches found
myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Remote File Inclusion
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- myPHPNuke Gallery Module basepath Remote File Include =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Found: Cyber-Security.Org...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in MyPHPNuke MPN 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the letter parameter in reviews.php and 2 the dcategory parameter in download.php...
CVE-2006-0923
Multiple cross-site scripting XSS vulnerabilities in MyPHPNuke MPN 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the letter parameter in reviews.php and 2 the dcategory parameter in download.php...
CVE-2006-0923
CVE-2006-0923 affects MyPHPNuke (MPN) up to version 1.88 and earlier. The vulnerability surfaces as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download....
CVE-2006-0923
Multiple cross-site scripting XSS vulnerabilities in MyPHPNuke MPN 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the letter parameter in reviews.php and 2 the dcategory parameter in download.php...
[SA19052] MyPHPNuke Cross-Site Scripting Vulnerabilities
TITLE: MyPHPNuke Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA19052 VERIFY ADVISORY: http://secunia.com/advisories/19052/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: myPHPNuke 1.x http://secunia.com/product/1119/ DESCRIPTION: Mustafa Can Bjorn...
MyPHPNuke188.txt
--Security Report-- Advisory: MyPHPNuke http://site/reviews.php?op=reviews&letter=XSS EXAMPLE - http://site/reviews.php?op=reviews&letter=alert'X'; GET - http://site/download.php?sortby=&dcategory=XSS&sortby= EXAMPLE - http://site/download.php?sortby=&dcategory=alert'X'; -- Timeline: 24/02/2006:...
Advisory: MyPHPNuke <= 1.8.8 multiple XSS vulnerabilities
--Security Report-- Advisory: MyPHPNuke = 1.8.8 multiple XSS vulnerabilities --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 24/02/06 05:56 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: MPN www.myphpnuke.com Version: 1.8.8 and...
myPHPNuke 1.8.8 - download.php Cross-Site Scripting
myPHPNuke 1.8.8 - download.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage the...
myPHPNuke 1.8.8 - reviews.php Cross-Site Scripting
myPHPNuke 1.8.8 - reviews.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...
myPHPNuke 1.8.8 - 'reviews.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
myPHPNuke phptonuke.php Directory Traversal
The version of myPHPNuke installed on the remote host allows anyone to read arbitrary files by passing the full filename to the SPDX-FileCopyrightText: 2003 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2002-1913
CVE-2002-1913 affects myPHPNuke 1.8.8 where the PHP file phptonuke.php (filnavn parameter) allows a remote attacker to read arbitrary files via a full pathname. This is a Directory Traversal issue; exploitation requires no authentication and can be triggered by supplying a full file path in filna...
CYBSEC - PHPMailer Infinite Loop Denial of Service
CYBSEC S.A. www.cybsec.com Advisory Name: PHPMailer Infinite Loop Denial of Service ============== Vulnerability Class: Denial of Service ==================== Release Date: 05.27.2005 ============= Affected Applications: ====================== PHPMailer = 1.72 Affected Platforms:...
myPHPnuke displayCategory.php Remote Command Execution (deprecated)
Binary data 1598.prm...
CVE-2003-1372
Cross-site scripting XSS vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the 1 ratenum or 2 query parameters...
Vulnrability in myPHPnuke 1.8.8
Language : PHP Script : http://www.myphpnuke.com 1.8.8 Problem : SQL Injection Description : myphpnuke is a widely used Content Managemnt System. Problem : In auth.inc.php file, if isset$aid && isset$pwd && $op == "login" if$aid!="" AND $pwd!="" $q="select pwd from ".$mpnTables'authors'." where...
myPHPNuke 1.8.8 - auth.inc.php SQL Injection
myPHPNuke 1.8.8 - auth.inc.php SQL Injection source: https://www.securityfocus.com/bid/8663/info It has been reported that myPHPNuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue may exist in the...
myPHPNuke 1.8.8 - 'auth.inc.php' SQL Injection
source: https://www.securityfocus.com/bid/8663/info It has been reported that myPHPNuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue may exist in the auth.in.php module of the software. The cause of this...