PHP-Nuke Error Manager Module 2.1 error.php Multiple Variables XSS

No description provided by source. source: http://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors. These issu...

PHP-Nuke DownloadsPlus Module - Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28919/info The DownloadsPlus module for PHP-Nuke is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because the application fails to sanitize user-supplied input. This issue permits...

MaticMarket 2.02 for PHP Nuke LFI Vulnerability

No description provided by source. MaticMarket 2.02 for PHP Nuke LFI Vulnerability Url: http://sourceforge.net/projects/maticmarket Author: xer0x Expl: http://localhost/modules/maticmarket/deco/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00...

PHP-Nuke 7.8 Mainfile.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16831/info PHP-Nuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could all...

PHP-Nuke 2.0 AutoHTML Module Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19525/info PHP-Nuke AutoHTML Module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow an attacker to execute arbitrary local scripts...

PHP-Nuke News Submission Story Text Field XSS

No description provided by source. source: http://www.securityfocus.com/bid/16192/info The PHPNuke Pool and News Modules are prone to an HTML injection vulnerability. This issue is due to a failure in the application modules to properly sanitize user-supplied input before using it in dynamically...

PHP-Nuke 6.x/7.x Modpath Parameter Potential File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10365/info PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing aribtrary code to be executed on a vulnerable system. This issue can b...

PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9947/info It has been reported that MS-Analysis is prone to a multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI parameters. These...

PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using it in an SQL query. As a resul...

PHP-Nuke <= 7.8 Search Module Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w use IO::Socket; if @ARGV 2 print ---------------------------------------\n; print EXPLOIT for PHPNuke =7.8 \n; print ---------------------------------------\n\n; print Usage : \n; print PHPNuke1 HOST /pathphpnuke \n\n; print HOST - Host where i...

PHP-Nuke 6.x Multiple Module SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9544/info Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke administrative...

PHP-Nuke Module Addressbook 1.2 - Local File Inclusion Exploit

No description provided by source. !Perl PHP-Nuke Module Addressbook 1.2 Local File Inclusion Exploit Vendor: http://www.sb-websoft.com/index.php?name=CmodsDownload&file=index&req=getit&lid=14 Vulnerable Code: requireoncemodules/$modulename/include/func.inc.php; Coded by bd0rk || SOH-Crew Greetz:...

PHP-Nuke 4ndvddb 0.91 Module 'id' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30120/info The '4ndvddb' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke 5.x/6.x/7.x Direct Script Access Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10447/info PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue will allow an attacker to...

PHP-Nuke Nuke League Module 'tid' Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31952/info PHP-Nuke Nuke League module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script...

PHP-Nuke <= 8.0 - Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0-Day PHP-Nuke = 8.0 News Remote SQL Injection Exploit Created: 2010.04.23 after 3 days the bug was discovered. Author/s: Dante90 & The:Paradox, WaRWolFz Crew Crew Members: 4lasthor, Andryxxx, Cod3, Gho5t, HeRtZ, N.o.3.X, RingZero, s3rg3770, Shade...

PHP Nuke 1.0/2.5/3.0/4.x Remote Ad Banner URL Change Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2544/info PHP-Nuke is a website creation/maintainence tool written in PHP3. A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user. A querystring can be submitted to an unpatched...

PHP-Nuke Sections Module - 'artid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27879/info The PHP-Nuke Sections module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacke...

PHP-Nuke 6.x/7.x FAQ Module categories Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...

PHP-Nuke 6.x/7.x Encyclopedia Module Multiple Function XSS

No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...