1732 matches found
CVE-2004-1819
4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message...
CVE-2004-1821
SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter...
PHP-Nuke 7.1 Recommend_Us Module - fname Cross-Site Scripting
PHP-Nuke 7.1 RecommendUs Module - fname Cross-Site Scripting source: https://www.securityfocus.com/bid/9879/info It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via...
PHP-Nuke 7.1 Recommend_Us Module - 'fname' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9879/info It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search'...
[waraxe-2004-SA#003] - SQL injection in Php-Nuke 7.1.0
================================================================================ waraxe-2004-SA003 ================================================================================ SQL injection in Php-Nuke 7.1.0 ================================================================================...
[waraxe-2004-SA#002] - Cross-Site Scripting (XSS) in Php-Nuke 7.1.0
================================================================================ waraxe-2004-SA002 ================================================================================ Cross-Site Scripting XSS in Php-Nuke 7.1.0...
PHP-Nuke 6.x7.0 News Module - Cross-Site Scripting
PHP-Nuke 6.x7.0 News Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/9605/info It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information...
PHP-Nuke 6.x7.x Reviews Module - Cross-Site Scripting
PHP-Nuke 6.x7.x Reviews Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/9613/info It has been reported that the PHP-Nuke module 'Reviews' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied...
PHP-Nuke 6.x7.x - Public Message SQL Injection
PHP-Nuke 6.x7.x - Public Message SQL Injection source: https://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to t...
PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9613/info It has been reported that the PHP-Nuke module 'Reviews' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow for execution of hostile HTML a...
PHP-Nuke 6.x/7.x - Public Message SQL Injection
source: https://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to the module. As a result, an attacker could modif...
PHP-Nuke 6.x/7.0 'News' Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9605/info It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow for execution of hostile HTML and...
[waraxe-2004-SA#001] - Script injection in GBook for Php-Nuke ver. 1.0
================================================================================ waraxe-2004-SA001 ================================================================================ Script injection in GBook for Php-Nuke ver. 1.0...
PHP-Nuke 6.x (Multiple Modules) - SQL Injection
PHP-Nuke 6.x Multiple Modules - SQL Injection source: https://www.securityfocus.com/bid/9544/info Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke...
PHP-Nuke 6.x (Multiple Modules) - SQL Injection
source: https://www.securityfocus.com/bid/9544/info Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke administrative accounts. Other attacks may also be...
SCSA027.txt
====================================================================== Security Corporation Security Advisory SCSA-027 PHP-Nuke 6.9 SQL Injection Vulnerability ====================================================================== PROGRAM: PHP-Nuke HOMEPAGE: http://www.phpnuke.org VULNERABLE...
CVE-2003-1526
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as 1 ", 2 ', or 3 in the search field, which reveals the path in an error message...
CVE-2003-1547
Cross-site scripting XSS vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter...
CVE-2003-1545
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon...
CVE-2003-1210
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the 1 lid parameter to the getit function or the 2 min parameter to the search function...