Lucene search
K

30 matches found

CERT
CERT
added 2002/09/16 12:0 a.m.28 views

Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site

Overview PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server. Description PHP-Nuke is a tool designed to ease web site creation and maintenance. PHP-Nuke includes a script named index.php, which uses PHP's include function t...

7.5CVSS7.2AI score0.06497EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2002/03/13 12:0 a.m.27 views

php-nuke.5.5.css.txt

PHP-Nuke is a PHP based portal management system used at thousands of sites. A Cross Site Scripting vulnerability has been discovered in the PHP-Nuke version 5.5 and prior versions. There is a function called Private Messages in PHP-Nuke by which the registered users of the site can send messages...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/03/05 12:0 a.m.52 views

PHP-Nuke 5.5 , Phortail 1.2.1 , Avotravis 2.1

PHP-Nuke 5.5 - Cross Site Scripting - Bad use of cookies. More details : In french : http://www.ifrance.com/kitetoua/tuto/PHPNuke55.txt Translated by Google : http://translate.google.com/translate?u=http3A 2F2Fwww.ifrance.com2Fkitetoua2Ftuto 2FPHPNuke55.txt&langpair=fr7Cen&hl=en&prev=...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2002/01/17 12:0 a.m.29 views

PHP-Nuke allows Command Execution & Much more

Hi All! I've found a serious security flaw in PHP-Nuke. It allows user to execute any PHP code. The flaw is in the index.php's include file feature. It allows including files like index.php?file=file It prevents users including ..'s in URL's, but it didn't prevent users from entering http://-urls...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2002/01/16 12:0 a.m.30 views

PHP-Nuke 4.x/5.x - Arbitrary File Inclusion

source: https://www.securityfocus.com/bid/3889/info PHPNuke is a website creation/maintenance tool. The 'index.php' script has a feature which allows users to include files. Due to insufficent input validation, it is possible to include files located on a remote server. Arbitrary code in the...

7.4AI score
Exploits0
NVD
NVD
added 2001/11/21 5:0 a.m.22 views

CVE-2001-0911

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it...

7.5CVSS6.9AI score0.03871EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/07/28 12:0 a.m.51 views

Проблема с баннерами в php-nuke (banner spoofing)

Можно удаленно поменять URL на которую ссылается баннер...

0.4AI score
Exploits0References2Affected Software1
Exploit DB
Exploit DB
added 2001/07/27 12:0 a.m.29 views

PHP-Nuke 5.0 - 'user.php' Form Element Substitution

source: https://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may subtitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the webpage locallyas 'user.php.html' and altering the...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2001/04/04 4:0 a.m.19 views

CVE-2001-0292

PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id UID and calling user.php with the saveuser operator...

6.8AI score0.02378EPSS
Exploits1References1
securityvulns
securityvulns
added 2001/02/14 12:0 a.m.89 views

RFP2101: RFPlutonium to fuel your PHP-Nuke

-----/ RFP2101 /-------------------------------/ rfp.labs / wiretrip/---- RFPlutonium to fuel your PHP-Nuke SQL hacking user logins in PHP-Nuke web portal ------------------------------------/ rain forest puppy / [email protected] Table of contents: -/ 1 / Standard advisory information -/ 2 / High...

7.5CVSS7.2AI score0.1207EPSS
Exploits3
Rows per page
Query Builder