PHP-Nuke 6.x/7.x Your_Account Module - 'Username' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13007/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicio...

PHP-Nuke 6.x/7.x Your_Account Module - Avatarcategory Cross-Site Scripting

source: https://www.securityfocus.com/bid/13010/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicio...

CVE-2005-0901

Multiple cross-site scripting XSS vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the 1 catname, 2 markname, 3 comment, or 4 category parameter...

CVE-2005-0902

SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter...

CVE-2005-0900

CVE-2005-0900 affects marks.php in NukeBookmarks 0.6 for PHP-Nuke. Vulnerability: a remote attacker can obtain sensitive information by supplying an invalid (file or category) parameter, causing an error message that reveals the path. Product/version details are as described in the CVE entry; no ...

CVE-2005-0902

CVE-2005-0902 affects NukeBookmarks 0.6 for PHP-Nuke, with an SQL injection in marks.php via the category parameter that allows remote SQL execution. CVSS v2 base score 7.5 (HIGH); impact includes partial confidentiality, integrity, and availability. No remediation or exploit details are provided...

CVE-2005-0901

CVE-2005-0901 affects NukeBookmarks 0.6 for PHP-Nuke with multiple XSS vulnerabilities that allow remote attackers to inject arbitrary scripts via the catname, markname, comment, or category parameters. The NVD entry records a CVSS v2 base score of 4.3 (Medium) with network attack vector, no auth...

CVE-2005-0900

marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid 1 file or 2 category parameter, which reveal the path in an error message...

ZH2005-03SA.txt

ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Author: Gerardo 'Astharot' Di Giacomo Date: 26 March 2005 Product: NukeBookmarks .6 URL: http://nukebookmarks.sourceforge.net/ About the product ----------------- From the home page: "Nuke Bookmarks is a module for PHP-Nuke that allows...

CVE-2005-0900

marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid 1 file or 2 category parameter, which reveal the path in an error message...

Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access

-------------------------------------------------------------------- Virginity Security Advisory 2005-002 - - - -------------------------------------------------------------------- DATE : 2005-03-13 15:11 GMT TYPE : remote VERSIONS AFFECTED : hola-cms-1.4.9-1 http://holacms.drunkencat.net/...

html code include in phpnuke news crash IE 6

www.wormzweb.tk ------------------------------------------------------------------------ ------------------------------------------------------------------------ ENGLISH ------------------------------------------------------------------------...

PHP-Nuke paBox Module Hidden Parameter XSS

Binary data 2702.prm...

CVE-2005-0613

Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...

CVE-2005-0613

CVE-2005-0613 concerns an vulnerability in the FCKeditor 2.0 RC2 when used with PHP-Nuke, allowing remote attackers to upload arbitrary files. The issue is evidenced across multiple sources in the connected documents, which identify the affected component as the FCKeditor add-on for PHP-Nuke and ...

FCKeditor for PHP-Nuke Arbitrary File Upload

The remote host is running a version of the FCKeditor add-on for PHP-Nuke that allows a remote attacker to upload arbitrary files and run them in the context of the web server user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

CVE-2005-0613

Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...

PHP-Nuke 7.4 WebLinks SQL-Injection

Version: 7.4 Module: WebLinks function: TopRated //...... function TopRated$ratenum, $ratetype //........ if $ratenum != "" && $ratetype != "" $toplinks = $ratenum; //........... $result = $db-sqlquery"SELECT lid, cid, sid, title, description, date, hits, linkratingsummary, totalvotes,...

CVE-2004-1528

The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to 1 config.php, 2 index.php, or 3 submit.php, which reveal the full path in an error message...

CVE-2004-1529

Cross-site scripting XSS vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the 1 type, 2 day, 3 month, or 4 year parameters in a Preview operation, or 5 event comments...