CVE-2002-1803

Cross-site scripting XSS vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...

CVE-2002-1803

CVE-2002-1803 describes a cross-site scripting (XSS) flaw in PHP-Nuke 6.0 that allows remote attackers to inject arbitrary script/HTML via Javascript in an IMG tag. Affected software is PHP-Nuke 6.0; the root cause is an XSS vulnerability exposed by image tags, enabling arbitrary code execution i...

PHP nuke XSS vulnerability

strongphP nuke exploit/strong beffects:/b all versions of php nuke bsolution:/b better filtering of offsite avatar selection. in the avatar selection of the profile, u have the option of linking to an offsite image. this is the perfect place for an exploit. by placing this line of code into the b...

PHP-Nuke 7.x - Multiple Remote File Inclusions

PHP-Nuke 7.x - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issue...

PHP-Nuke 7.x - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing...

CVE-2003-1210

The CVE-2003-1210 entry describes multiple SQL injection vulnerabilities in the PHP-Nuke Downloads module (versions 5.x through 6.5). The root cause is unsafely constructed SQL queries exposed via the lid parameter to getit and the min parameter to search, allowing remote attackers to execute arb...

CVE-2003-1210

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the 1 lid parameter to the getit function or the 2 min parameter to the search function...

CVE-2004-1818

Cross-site scripting XSS vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...

CVE-2004-1821

SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter...

CVE-2004-1829

Multiple cross-site scripting XSS vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the 1 pagetitle or 2 error parameters, or 3 certain parameters in the error log...

CVE-2004-1841

SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request...

CVE-2004-1842

Cross-site request forgery CSRF vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php...

CVE-2004-1913

Cross-site scripting XSS vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter...

CVE-2004-1914

SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter...

CVE-2004-1929

SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter...

CVE-2004-1930

Cross-site scripting XSS vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie...

CVE-2004-1971

modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid 1 catid or 2 clipid parameter, which reveals the full path in an error message...

CVE-2004-1972

SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the 1 clipid or 2 catid parameters in a viewclip, viewcat, or voteclip action...

CVE-2004-1819

4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message...

CVE-2004-1817

Cross-site scripting XSS vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 Your Name field, 2 e-mail field, 3 nicname field, 4 fname parameter, 5 ratenum parameter, or 6 search field...