PostNuke 0.72x Stats Module Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7218/info Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provi...

PHP-Nuke 6.6 admin.php SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8798/info It has been reported that PHP-Nuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue is said to occur within the admin.php...

Protector System 1.15 b1 index.php SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/10206/info Multiple vulnerabilities were reported to exist in Protector System, which is a third-party module for PHP-Nuke. Cross-site scripting and SQL injection vulnerabilities were reported. Exploitation of these issue...

Protector System 1.15 blocker_query.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10206/info Multiple vulnerabilities were reported to exist in Protector System, which is a third-party module for PHP-Nuke. Cross-site scripting and SQL injection vulnerabilities were reported. Exploitation of these issue...

PHP-Nuke 4nAlbum Module 0.92 - 'pid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28162/info The 4nAlbum module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke 7.2 - Multiple Video Gallery Module SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10215/info Reportedly the PHP-Nuke Video Gallery module is affected by multiple SQL injection vulnerabilities. This is due to a failure of the application to properly sanitize user-supplied input prior to using it in an S...

PHP-Nuke NukeC30 3.0 Module - 'id_catg' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28197/info The NukeC30 module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke Module Emporium <= 2.3.0 - Remote SQL Injection Exploit

No description provided by source...

PHP-Nuke <= 8.1.0.3.5b Remote Command Execution Exploit

No description provided by source. PHP-Nuke = 8.1.0.3.5b Remote Command Execution Exploit Author/s: Dante90 & yawn Contact Us: www.unitx.net Requirements: magicquotesgpc : off Greetings: [email protected] | [email protected] You will remember, Watson, how the dreadful business of the Abernetty...

PHP-Nuke Kleinanzeigen Module 'lid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30577/info The Kleinanzeigen module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow a...

PHP-Nuke <= 8.0 Final (HTTP Referers) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0day exploit for PHP-nuke =8.0 Final Sql injection attack in INSERT syntax version, when 'HTTP Referers' block is on Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke =8.0 Final Sql injection attack in INSERT synta...

PHP-Nuke NSN Script Depository 1.0.0 - Remote Source Disclosure Vuln

No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org...

PHP-Nuke 7.6 Surveys Module HTTP Response Splitting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13201/info PHP-Nuke is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to...

PHP-Nuke 5.x/6.0 Avatar HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6750/info A problem with PHP-Nuke could allow remote users to execute arbitrary code in the context of the web site. The problem is in the lack of sanitization of some types of input. PHP-Nuke does not sanitize code...

PHP-Nuke 7.1 Recommend_Us Module fname Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/9879/info It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname'...

PHP-Nuke 8.0 'main/tracking/userLog.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35117/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

PHP-Nuke <= 7.8 (modules.php) SQL Injection Exploit

No description provided by source. / PHP-Nuke =7.8 SQL injection exploit need MySQL 4.0 coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru / // tested on 7.8 include stdio.h include string.h include sys/types.h include sys/socket.h include netinet/in.h include netdb.h include regex.h defi...

PHP-Nuke 6.5 Addon Viewpage.PHP File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7191/info PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon. It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain...

PHP-Nuke 0-7 Delete God Admin Access Control Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10861/info PHP-Nuke is reported prone to an access control bypass vulnerability. Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke God Admin account...

PHP Nuke 8.2.4 CSRF Vulnerability

No description provided by source. Exploit Title:CSRF vulnerability Author: sajith version: PHP Nuke 8.2.4 vulnerable app link:http://phpnuke.org/modules.php?name=Release CSRF add group html lang=en head titleCSRF POC PHP nuke 8.2.4/title /head body form...