Lucene search
K

1732 matches found

securityvulns
securityvulns
added 2006/06/09 12:0 a.m.32 views

PHP-Nuke <= 7.9 Search XSS Vulnerability

PHP-Nuke = 7.9 Search module XSS Vulnerability It could work on later versions if PHP-Nuke does not patch it. 1: Enter: http://host/modules.php?name=Search 2: Search for: "body onload="alertdocument.cookie // You'll get a javascript alert with your cookie in it. Credits: O.G...

0.3AI score
Exploits0
NVD
NVD
added 2006/06/05 8:6 p.m.14 views

CVE-2006-2828

Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbbrootpath parameter to the admin scripts 1 index.php, 2 adminugauth.php, 3 adminboard.php, 4 admindisallow.php, 5 adminforumauth.php, 6 admingroups.php, 7...

6.4CVSS6.7AI score0.02525EPSS
Exploits0References5
Prion
Prion
added 2006/06/05 8:6 p.m.15 views

Design/Logic Flaw

Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbbrootpath parameter to the admin scripts 1 index.php, 2 adminugauth.php, 3 adminboard.php, 4 admindisallow.php, 5 adminforumauth.php, 6 admingroups.php, 7...

6.4CVSS7.2AI score0.02525EPSS
Exploits0References5
CVE
CVE
added 2006/06/05 8:0 p.m.46 views

CVE-2006-2828

CVE-2006-2828 is a vulnerability in PHP-Nuke where a global variable overwrite allows remote PHP file inclusion by a modified phpbb_root_path parameter to multiple admin scripts (index.php, admin_ug_auth.php, admin_board.php, admin_disallow.php, admin_forumauth.php, admin_groups.php, admin_ranks....

6.4CVSS6.7AI score0.02525EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2006/06/05 8:0 p.m.17 views

CVE-2006-2828

Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbbrootpath parameter to the admin scripts 1 index.php, 2 adminugauth.php, 3 adminboard.php, 4 admindisallow.php, 5 adminforumauth.php, 6 admingroups.php, 7...

6.7AI score0.02525EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2006/06/05 12:0 a.m.33 views

phpNukeInclude.txt

Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/06/02 12:0 a.m.427 views

PHP-Nuke <= 7.9 Final (phpbb_root_path) Remote File Inclusions

No description provided by source. Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USER...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/06/02 12:0 a.m.120 views

PHP-Nuke <= 7.9 Final (phpbb_root_path) Remote File Inclusions

Exploit for unknown platform in category web applications ============================================================== PHP-Nuke = 7.9 Final phpbbrootpath Remote File Inclusions ============================================================== Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke =...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/06/02 12:0 a.m.55 views

PHP-Nuke 7.9 Final - &#039;phpbb_root_path&#039; Remote File Inclusions

Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/06/02 12:0 a.m.22 views

PHP-Nuke 7.9 Final - phpbb_root_path Remote File Inclusions

PHP-Nuke 7.9 Final - phpbbrootpath Remote File Inclusions Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2006/05/31 12:0 a.m.86 views

# MHG Security Team --- PHP NUKE All version Remote File Inc.

Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,Яy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/05/03 12:0 a.m.26 views

Cmscout &lt;= V1.10 multiple XSS attack vectors

Cmscout = V1.10 multiple XSS attack vectors Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate privilege escalation,possible defacement CMScout is a CMS Content management system for scouting related groups from around the world. A CMS is a piece of web software that makes it easy for you t...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/05/03 12:0 a.m.28 views

PHP-Nuke &lt;= All Version Administrator SQL Injection Exploit / By WiLdBoY

PHP-Nuke = All Version Administrator SQL Injection Exploit / By WiLdBoY Credit : WiLdBoY Server Adress: Example : http://www.sitename.com Admin Name: Example : Admin Password MD5: Example : 1ea52f26e7e0ce08e462f87f5e35096c ------------------------------ User Information.... Name: Example : Michal...

1.4AI score
Exploits0
NVD
NVD
added 2006/04/19 4:6 p.m.16 views

CVE-2006-1846

Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...

4.3CVSS5.6AI score0.0118EPSS
Exploits0References4
Prion
Prion
added 2006/04/19 4:6 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...

4.3CVSS6.1AI score0.0118EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2006/04/19 4:6 p.m.14 views

Sql injection

SQL injection vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the userid parameter in the YourHome functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

7.5CVSS8.8AI score0.01478EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2006/04/19 4:6 p.m.10 views

CVE-2006-1847

SQL injection vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the userid parameter in the YourHome functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

7.5CVSS8.1AI score0.01478EPSS
Exploits0References5
CVE
CVE
added 2006/04/19 4:0 p.m.41 views

CVE-2006-1847

PHP-Nuke 7.8contains an SQL injection in the Your_Account module, exploitable via the user_id parameter in Your_Home, allowing remote execution of arbitrary SQL as described by NVD and corroborated by other sources. The public documents do not specify a patch or workaround.

7.5CVSS8.1AI score0.01478EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2006/04/19 4:0 p.m.43 views

CVE-2006-1846

The CVE-2006-1846 entry concerns a cross-site scripting (XSS) issue in PHP-Nuke 7.8 within the Your_Account module. The vulnerability stems from the ublock parameter, which is stored in the user’s personal menu, allowing remote attackers to inject arbitrary HTML/JavaScript. The available document...

4.3CVSS5.6AI score0.0118EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2006/04/19 4:0 p.m.19 views

CVE-2006-1846

Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...

5.6AI score0.0118EPSS
Exploits0References4
Rows per page
Query Builder