1732 matches found
PHP-Nuke <= 7.9 Search XSS Vulnerability
PHP-Nuke = 7.9 Search module XSS Vulnerability It could work on later versions if PHP-Nuke does not patch it. 1: Enter: http://host/modules.php?name=Search 2: Search for: "body onload="alertdocument.cookie // You'll get a javascript alert with your cookie in it. Credits: O.G...
CVE-2006-2828
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbbrootpath parameter to the admin scripts 1 index.php, 2 adminugauth.php, 3 adminboard.php, 4 admindisallow.php, 5 adminforumauth.php, 6 admingroups.php, 7...
Design/Logic Flaw
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbbrootpath parameter to the admin scripts 1 index.php, 2 adminugauth.php, 3 adminboard.php, 4 admindisallow.php, 5 adminforumauth.php, 6 admingroups.php, 7...
CVE-2006-2828
CVE-2006-2828 is a vulnerability in PHP-Nuke where a global variable overwrite allows remote PHP file inclusion by a modified phpbb_root_path parameter to multiple admin scripts (index.php, admin_ug_auth.php, admin_board.php, admin_disallow.php, admin_forumauth.php, admin_groups.php, admin_ranks....
CVE-2006-2828
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbbrootpath parameter to the admin scripts 1 index.php, 2 adminugauth.php, 3 adminboard.php, 4 admindisallow.php, 5 adminforumauth.php, 6 admingroups.php, 7...
phpNukeInclude.txt
Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...
PHP-Nuke <= 7.9 Final (phpbb_root_path) Remote File Inclusions
No description provided by source. Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USER...
PHP-Nuke <= 7.9 Final (phpbb_root_path) Remote File Inclusions
Exploit for unknown platform in category web applications ============================================================== PHP-Nuke = 7.9 Final phpbbrootpath Remote File Inclusions ============================================================== Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke =...
PHP-Nuke 7.9 Final - 'phpbb_root_path' Remote File Inclusions
Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...
PHP-Nuke 7.9 Final - phpbb_root_path Remote File Inclusions
PHP-Nuke 7.9 Final - phpbbrootpath Remote File Inclusions Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy...
# MHG Security Team --- PHP NUKE All version Remote File Inc.
Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,Яy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...
Cmscout <= V1.10 multiple XSS attack vectors
Cmscout = V1.10 multiple XSS attack vectors Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate privilege escalation,possible defacement CMScout is a CMS Content management system for scouting related groups from around the world. A CMS is a piece of web software that makes it easy for you t...
PHP-Nuke <= All Version Administrator SQL Injection Exploit / By WiLdBoY
PHP-Nuke = All Version Administrator SQL Injection Exploit / By WiLdBoY Credit : WiLdBoY Server Adress: Example : http://www.sitename.com Admin Name: Example : Admin Password MD5: Example : 1ea52f26e7e0ce08e462f87f5e35096c ------------------------------ User Information.... Name: Example : Michal...
CVE-2006-1846
Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...
Cross site scripting
Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...
Sql injection
SQL injection vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the userid parameter in the YourHome functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2006-1847
SQL injection vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the userid parameter in the YourHome functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2006-1847
PHP-Nuke 7.8contains an SQL injection in the Your_Account module, exploitable via the user_id parameter in Your_Home, allowing remote execution of arbitrary SQL as described by NVD and corroborated by other sources. The public documents do not specify a patch or workaround.
CVE-2006-1846
The CVE-2006-1846 entry concerns a cross-site scripting (XSS) issue in PHP-Nuke 7.8 within the Your_Account module. The vulnerability stems from the ublock parameter, which is stored in the user’s personal menu, allowing remote attackers to inject arbitrary HTML/JavaScript. The available document...
CVE-2006-1846
Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...