30 matches found
Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site
Overview PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server. Description PHP-Nuke is a tool designed to ease web site creation and maintenance. PHP-Nuke includes a script named index.php, which uses PHP's include function t...
php-nuke.5.5.css.txt
PHP-Nuke is a PHP based portal management system used at thousands of sites. A Cross Site Scripting vulnerability has been discovered in the PHP-Nuke version 5.5 and prior versions. There is a function called Private Messages in PHP-Nuke by which the registered users of the site can send messages...
PHP-Nuke 5.5 , Phortail 1.2.1 , Avotravis 2.1
PHP-Nuke 5.5 - Cross Site Scripting - Bad use of cookies. More details : In french : http://www.ifrance.com/kitetoua/tuto/PHPNuke55.txt Translated by Google : http://translate.google.com/translate?u=http3A 2F2Fwww.ifrance.com2Fkitetoua2Ftuto 2FPHPNuke55.txt&langpair=fr7Cen&hl=en&prev=...
PHP-Nuke allows Command Execution & Much more
Hi All! I've found a serious security flaw in PHP-Nuke. It allows user to execute any PHP code. The flaw is in the index.php's include file feature. It allows including files like index.php?file=file It prevents users including ..'s in URL's, but it didn't prevent users from entering http://-urls...
PHP-Nuke 4.x/5.x - Arbitrary File Inclusion
source: https://www.securityfocus.com/bid/3889/info PHPNuke is a website creation/maintenance tool. The 'index.php' script has a feature which allows users to include files. Due to insufficent input validation, it is possible to include files located on a remote server. Arbitrary code in the...
CVE-2001-0911
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it...
Проблема с баннерами в php-nuke (banner spoofing)
Можно удаленно поменять URL на которую ссылается баннер...
PHP-Nuke 5.0 - 'user.php' Form Element Substitution
source: https://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may subtitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the webpage locallyas 'user.php.html' and altering the...
CVE-2001-0292
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id UID and calling user.php with the saveuser operator...
RFP2101: RFPlutonium to fuel your PHP-Nuke
-----/ RFP2101 /-------------------------------/ rfp.labs / wiretrip/---- RFPlutonium to fuel your PHP-Nuke SQL hacking user logins in PHP-Nuke web portal ------------------------------------/ rain forest puppy / [email protected] Table of contents: -/ 1 / Standard advisory information -/ 2 / High...