EUVD-2014-3871

Malware in sbrugna...

Sql injection

SQL injection vulnerability in the SubmitNews module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics parameter to modules.php...

CVE-2014-3934

CVE-2014-3934 is a SQL injection vulnerability in the Submit_News module of PHP-Nuke 8.3, exploitable via topics[] in modules.php to execute arbitrary SQL. Impact is partial confidentiality/integrity/availability. Exploitation details are supported by NVD/RedHat entries; CIRCL shows an exploit on...

PHP-Nuke 8.3 News SQL Injection

title : phpnuke 8.3 sql injection vulnerability Exploit Title: phpnuke 8.3 submit news module sql injection vulnerability Google Dork: inurl:modules.php?name=SubmitNews Date: 5/24/2014 Exploit Author: ali ahmady -- Iranian Researcher snip3rirathotmail.com Vendor Homepage: phpnuke.org Software Lin...

PHP Nuke 8.3 MT Shell Upload

Iranian Pentesters Home Title : PHP Nuke 8.3 MT Arbitrary File Upload Vulnerability Author : Pentesters.ir Exploits Coded by : b3hz4d & 4n0nym0us Tested on: PHP Nuke 8.3 Vendor : http://phpnuke.ir Specially Thanks To: Navid, Hossein, Ahmad, vahid, daryoush and all of the pentesters.ir members...

PHP-Nuke 8.3 - upload.php Arbitrary File Upload (1)

PHP-Nuke 8.3 - upload.php Arbitrary File Upload 1 source: https://www.securityfocus.com/bid/48257/info Phpnuke is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code a...