30 matches found
EUVD-2006-6200
Malware in sbrugna...
EUVD-2001-0380
Malware in sbrugna...
EUVD-2004-2010
Malware in sbrugna...
EUVD-2001-0894
Malware in sbrugna...
CVE-2005-0613
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...
phpnukePoolXSS.txt
NightWarrior nightwarrior771athotmail.com Php-Nuke Pool and News Module IMG Tag Cross Site Scripting Contact :nightwarrior771athotmail.com Post Coment this Code:...
PHP-Nuke 6.x/7.x Your_Account Module - 'Username' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13007/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicio...
CVE-2004-1530
SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the 1 eid or 2 cid parameters...
CVE-2004-1528
The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to 1 config.php, 2 index.php, or 3 submit.php, which reveal the full path in an error message...
CVE-2004-2293
Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the 1 eid parameter or 2 query parameter to the Encyclopedia module, 3 previewreview function in the Reviews module as demonstrated by the url, cover,...
PHP-Nuke - SQL Injection Edit/Save Messages
!/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy = "http://172.9.1.11:80/"; proxy:port ... $browser = LWP::UserAgent-new; $browser - agent$Agent; $url = 'http://www.sitewithphpnuke.com/admin.php'; $browser-proxyhttp = $proxy if defined$proxy; printl...
[XSS] PHP-Nuke 7.4 Newsletter Injection Bug
CODEBUG Labs Advisory 5 Title: Newsletter Injection Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org Newsletter Injection Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to post...
PHP-Nuke 5.x6.x7.x - Direct Script Access Security Bypass
PHP-Nuke 5.x6.x7.x - Direct Script Access Security Bypass source: https://www.securityfocus.com/bid/10447/info PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue wi...
PHP-Nuke 6.9 - 'cid' SQL Injection
!/usr/bin/perl -w use IO::Socket; THIS CODE PUBLIC NOW = \ \ / | \ | / | / / \ | | \ | /\ \ / || /// | / / / / based on 'cid' sql injection vuln in Download module, more info about this vuln u can see here: http://rst.void.ru/texts/advisory10.htm work only on mysql version 4.0 tested on...
PHP-Nuke module PHP-Banner-Exchange path disclosure
------- Product: PHP-Nuke Vendor: F.Burzi Module: PHP-Banner Exchange Version: 1.2 ------- Accessing directly to the PHP Banner Exchange module and without a specified file : http://target/modules/phpbannerexchange/ phpbannerexchange module directory you get this: Warning: mainmainfile.php...
PHP-Nuke code injection in Yearly Stats at Statistics module
------- Product: PHP-Nuke Vendor: Francisco Burci Versions Vulnerable: 6.0 without patches , 6.0 with index.php and mainfile.php patches. 5.5 with patches all resting script tags No vulnerable: 6.0 with mainfile.php patch for block url tags inclusions not all . 5.5 with script tags but with the...
More and More SQL injection on PHP-Nuke 6.5.
/----------------------------------------------------------------------------- | 7 A 6 9 - A d v C: 011 |-----------------------------------------------------------------------------| | | PHP-Nuke SQL injection | -----------------------------------------------------------------------------/ |...
PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
PHP-Nuke 6.5 Multiple Downloads Module - SQL Injection source: https://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of S...
PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
source: https://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks...
PHP-Nuke x.x SQL Injection
Hello, All PHP-Nuke versions, including the just released 6.0, are vulnerable to a very simple SQL injection that may lead to a basic DoS attack. For instance, if you create a short script, to send a few requests, I have tested with just 6 similar to this:...