5 matches found
Nuked-Klan 1.7.5 File Parameter News Module Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26458/info Nuked-Klan is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
CVE-2007-6090
Cross-site scripting XSS vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-3479
Cross-site request forgery CSRF vulnerability in the delblock function in modules/Admin/block.php in Nuked-Klan 1.7.5 and earlier and 1.7 SP4.2 allows remote attackers to delete arbitrary "blocks" via a link with a modified bid parameter in a delblock op on the block page in index.php...
Sql injection
SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php...
CVE-2006-1419
SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php...