40 matches found
EUVD-2007-1514
Malware in sbrugna...
EUVD-2011-3741
Malware in sbrugna...
EUVD-2009-1837
Malware in sbrugna...
CVE-2011-1480
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chnguid parameter...
PHP-Nuke <= 8.0 Final (HTTP Referers) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl 0day exploit for PHP-nuke =8.0 Final Sql injection attack in INSERT syntax version, when 'HTTP Referers' block is on Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke =8.0 Final Sql injection attack in INSERT synta...
PHP-Nuke 8.0 autohtml.php Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26807/info Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and execute local...
CVE-2010-5083
SQL injection vulnerability in the WebLinks module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php...
CVE-2010-5083
SQL injection vulnerability in the WebLinks module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php...
Information disclosure
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files...
CVE-2011-3784
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 sendername or 2 senderemail parameter in a Feedback action to modules.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add user accounts or 2 grant the administrative privilege to a user account, related to a...
CVE-2011-1482
Multiple cross-site request forgery CSRF vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add user accounts or 2 grant the administrative privilege to a user account, related to a...
CVE-2011-1480
CVE-2011-1480 affects PHP-Nuke (admin.php) in the admin backend of PHP-Nuke 8.0 and earlier. The vulnerability is an SQL injection via the chng_uid parameter, allowing remote attackers to execute arbitrary SQL commands. The available connected documents confirm the affected software/version range...
CVE-2011-1481
CVE-2011-1481 affects PHP-Nuke 8.0 and earlier. The vulnerability is multiple cross-site scripting (XSS) in the Feedback action of modules.php, exploitable via the sender_name or sender_email parameters. Impact described as allowing remote attackers to inject arbitrary web script or HTML. NVD met...
PHP-Nuke 8.x <= Cross Site Scripting Vulnerability
PHP-Nuke 8.x = Cross Site Scripting Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower are vulnerable to Cross Site Scrtipting. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articl...
PHP-Nuke 8.0 Cross Site Scripting
Hello list! I want to warn you about Insufficient Anti-automation and Cross-Site Scripting vulnerabilities in PHP-Nuke. SecurityVulns ID: 11485. ------------------------- Affected products: ------------------------- Vulnerable are PHP-Nuke 8.0 and previous versions. ---------- Details: ----------...
PHP-Nuke 8.0 Remote Blind SQL Injection
PHP-Nuke new; my $average = 0; print "+ Calculating average load time it may take a while ...\n"; for my $i = 0; $i get$hosto; my $time = time; $average += int$time-$bef; return $average/5; sub Nuke::Usage print "+ Usage: perl nuke.pl \n"; print "+ the host must be the complete path to...
PHP-Nuke 8.0 -Web_Links Module - Blind SQL Injection
PHP-Nuke new; my $average = 0; print "+ Calculating average load time it may take a while ...\n"; for my $i = 0; $i get$hosto; my $time = time; $average += int$time-$bef; return $average/5; sub Nuke::Usage print "+ Usage: perl nuke.pl \n"; print "+ the host must be the complete path to...
PHP-Nuke 8.0 - SQL Injection
PHP-Nuke 8.0 - SQL Injection !/usr/bin/perl 0-Day PHP-Nuke newPOST = $HostName.'modules.php?name=News'; my $Cookies = new HTTP::Cookies; my $UserAgent = new LWP::UserAgent agent = 'Mozilla/5.0', maxredirect = 0, cookiejar = $Cookies, defaultheaders = HTTP::Headers-new, or die $!; my $Referrer =...