1732 matches found
PHP-Nuke 7.1 Recommend_Us Module fname Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9879/info It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname'...
PHP-Nuke 8.0 'main/tracking/userLog.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35117/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
PHP-Nuke <= 7.8 (modules.php) SQL Injection Exploit
No description provided by source. / PHP-Nuke =7.8 SQL injection exploit need MySQL 4.0 coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru / // tested on 7.8 include stdio.h include string.h include sys/types.h include sys/socket.h include netinet/in.h include netdb.h include regex.h defi...
PHP-Nuke 6.5 Addon Viewpage.PHP File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7191/info PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon. It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain...
PHP-Nuke 0-7 Delete God Admin Access Control Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10861/info PHP-Nuke is reported prone to an access control bypass vulnerability. Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke God Admin account...
PHP Nuke 8.2.4 CSRF Vulnerability
No description provided by source. Exploit Title:CSRF vulnerability Author: sajith version: PHP Nuke 8.2.4 vulnerable app link:http://phpnuke.org/modules.php?name=Release CSRF add group html lang=en head titleCSRF POC PHP nuke 8.2.4/title /head body form...
PHP-Nuke Downloads Module 'url' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33410/info The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
PHP-Nuke 8.0 Downloads Module 'query' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35180/info PHP-Nuke is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
PHP-Nuke 6.x/7.0/7.1 Image Tag Admin Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained...
PHP-Nuke 7.x Block-Old_Articles.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22037/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
PHP-Nuke 8.2.4 - Multiple Vulnerabilities
No description provided by source. SOJOBO-ADV-13-04 - PHP-Nuke 8.2.4 multiple vulnerabilities I. Information ================== Name : PHP-Nuke 8.2.4 multiple vulnerabilities Software : PHP-Nuke 8.2.4 and possibly below. Vendor Homepage : http://www.phpnuke.org/ Vulnerability Type : File Inclusio...
PHP-Nuke 5.6 Modules.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6088/info A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the...
PHP-Nuke Sarkilar Module 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31830/info Sarkilar module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacke...
PHP-Nuke Dance Music Module Index.PHP Local File Include Vulnerability
No description provided by source...
PHP-Nuke 8.0 autohtml.php Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26807/info Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and execute local...
PHP-Nuke Error Manager Module 2.1 error.php language Variable Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors. These issu...
PHP-Nuke Platinium <= 7.6.b.5 - Remote Code Execution Exploit
No description provided by source. ?php PHP Nuke Platinium = 7.6.b.5 Remote Code Execution Exploit Author: Charles real F. charlesfolathotmail.fr Date: 02/07/08 Note I modified a bit phpsploit for this exploit, because PHP Nuke plays with REQUESTURI var ... Requirements registerglobals=On phprete...
PHP-Nuke Error Manager Module 2.1 error.php Multiple Variables XSS
No description provided by source. source: http://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors. These issu...
PHP-Nuke DownloadsPlus Module - Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28919/info The DownloadsPlus module for PHP-Nuke is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because the application fails to sanitize user-supplied input. This issue permits...
MaticMarket 2.02 for PHP Nuke LFI Vulnerability
No description provided by source. MaticMarket 2.02 for PHP Nuke LFI Vulnerability Url: http://sourceforge.net/projects/maticmarket Author: xer0x Expl: http://localhost/modules/maticmarket/deco/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00...