PHP-Nuke 6.x/7.x Public Message SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to the module. As...

PHP-NUKE version <= 6.9 - 'cid' SQL Injection Remote Exploit

No description provided by source. !/usr/bin/perl -w use IO::Socket; THIS CODE PUBLIC NOW = \ \ / | \ | / | / / \ | | \ | /\ \ / || /// | / / / / based on 'cid' sql injection vuln in Download module, more info about this vuln u can see here: http://rst.void.ru/texts/advisory10.htm work only...

PHP-Nuke Recipe Module 1.3 - 'recipeid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27955/info The Recipe module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke 7.4 - Remote Privilege Escalation

No description provided by source. A demonstration exploit HTTP form is provided: form name=mantra method=POST action=http://www.sitewithphpnuke.com/admin.php pUSERNAME: input type=text name=addaid br NOME: input type=text name=addname br PASSWORD: input type=text name=addpwd br E-MAIL: input...

PHP Nuke 5.x Error Message Web Root Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously...

PHP-Nuke 6.x/7.x Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10135/info Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input. As a result of these issues an attacker cou...

PHP-Nuke 7.6 Web_Links Module Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/13055/info The WebLinks module of PHP-Nuke is affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL querie...

PHP-Nuke 6.x/7.x Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12561/info It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could...

PHP-NUKE 5.0 - Viewslink Remote SQL Injection

No description provided by source. Author: CMD Contact: [email protected] Dork: allinurl: op=viewslink&sid= =-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-= Code : Exploit 1: /links.php?op=viewslink&sid=-1//union//select//0,aid//from//nukeauthors//where//radminsuper=1/...

PHP-Nuke Johannes Hass 'gaestebuch 2.2 Module - 'id' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28063/info The 'gaestebuch' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke 'Seminars' Module - 'fileName' Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28089/info The PHP-Nuke 'Seminars' module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files...

PHP-Nuke 6.x/7.0 Survey Module SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9305/info A vulnerability has been reported to exist in the Survey module of PHP-Nuke that may allow a remote attacker to inject malicious SQL syntax into database queries. The source of this issue is insufficient...

Search Enhanced Module 1.1/2.0 for PHP-Nuke HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15218/info Search Enhanced module for is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated conten...

PHP-Nuke 'friend.php' Module Remote SQL Injection

No description provided by source. Exploit Title: PHP-Nuke 'friend.php' Module Remote SQL Injection Date: 05.05.2010 Author: CMD Contact : [email protected] Version: all version =-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-= Code :...

PHP-Nuke Book Catalog Module 1.0 'catid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30511/info The Book Catalog module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke Yellow_Pages Module - 'cid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28109/info The YellowPages module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke 7.6 Banners.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13026/info PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

PHP-Nuke KutubiSitte Module - 'kid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28126/info The KutubiSitte module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke eGallery 3.0 Module - 'pid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28088/info The eGallery module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

php-nuke platinum 7.6.b.5 - Remote File Inclusion Vulnerability

No description provided by source. ---------------------------------------------- GrEeTs To -=sHaDoW sEcUrItY TeAm=- GrEaTs To ---------------------------------------------- A2J, Chucks, The Pitbull, ICQBomber, str0ke ---------------------------------------------- BiG sHoUt OuT tO udplink.net &...