CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...

5.6AI score0.00029EPSS

Exploits0References4

CVE•added 2006/04/19 4:0 p.m.•36 views

CVE-2006-1846

The CVE-2006-1846 entry concerns a cross-site scripting (XSS) issue in PHP-Nuke 7.8 within the Your_Account module. The vulnerability stems from the ublock parameter, which is stored in the user’s personal menu, allowing remote attackers to inject arbitrary HTML/JavaScript. The available document...

4.3CVSS5.6AI score0.00029EPSS

Exploits0References4Affected Software1

Prion•added 2006/02/28 2:2 a.m.•15 views

Sql injection

PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a / sequences with the "adclick" word in the query string, as demonstrated via the kala parameter...

7.5CVSS8.3AI score0.00018EPSS

Exploits1References3Affected Software1

CVE•added 2006/02/16 8:0 p.m.•47 views

CVE-2006-0679

PHP-Nuke 7.8 and earlier is vulnerable to a SQL injection in the Your_Account module (index.php) via the username field, enabling remote attackers to manipulate SQL queries. The vulnerability is demonstrated in the Your_Account workflow (e.g., new_user) where user input is not properly sanitized ...

7.5CVSS8.3AI score0.42554EPSS

Exploits2References9Affected Software1

Cvelist•added 2006/02/16 8:0 p.m.•15 views

CVE-2006-0679

SQL injection vulnerability in index.php in the YourAccount module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable Nickname field...

8.3AI score0.42554EPSS

Exploits2References9

CVE•added 2006/02/13 10:0 p.m.•41 views

CVE-2005-4715

CVE-2005-4715 concerns multiple SQL injection vulnerabilities in PHP-Nuke 7.8. The flaw occurs in modules.php when magic_quotes_gpc is disabled, allowing remote attackers to inject arbitrary SQL via the POST parameters (name, sid, pid) that bypass security checks applied to GET requests. Affected...

7.5CVSS9AI score0.00232EPSS

Exploits1References10Affected Software1

Exploit DB•added 2005/11/16 12:0 a.m.•27 views

PHP-Nuke 7.8 Search Module - SQL Injection

!/usr/bin/perl -w use IO::Socket; if @ARGV new Proto = "tcp", PeerAddr = "$HOST", PeerPort = "80" || die " Connect FAILED\n"; print " Connected OK\n"; print " Sending exploit OK\n\n"; print $send "POST ".$GET." HTTP/1.0\n"; print $send "Host: ".%HOST."\n"; print $send "Referer:...

7.4AI score

Exploits0

Cvelist•added 2005/10/25 4:0 a.m.•14 views

CVE-2005-3304

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via 1 the username parameter in the Your Account page, 2 the url parameter in the Downloads module, and 3 the description parameter in the WebLinks module...

8.4AI score0.03589EPSS

Exploits1References9

CVE•added 2005/10/25 4:0 a.m.•39 views

CVE-2005-3304

CVE-2005-3304 concerns multiple SQL injection vulnerabilities in PHP-Nuke 7.8. The flaws allow remote attackers to modify SQL queries and, in one case, execute arbitrary PHP code via (1) the username parameter on the Your Account page, (2) the url parameter in the Downloads module, and (3) the de...

7.5CVSS8.8AI score0.03589EPSS

Exploits1References9Affected Software1

exploitpack•added 2005/09/16 12:0 a.m.•12 views

PHP-Nuke 7.8 - modules.php SQL Injection

PHP-Nuke 7.8 - modules.php SQL Injection / PHP-Nuke 4.0 coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru / // tested on 7.8 include include include include include include include define START 47 define END 103 define SZ 1024 define PORT 80 define PREFIX "nuke" define SQL...

0.2AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by