1732 matches found
NukeCalendar 1.1 .a modules.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
PHP-Nuke 6.x/7.x Reviews Module Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...
PHP-Nuke 6.x/7.x 'Reviews' Module Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9613/info It has been reported that the PHP-Nuke module 'Reviews' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could all...
NukeCalendar 1.1 .a eid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
PHP-Nuke 6.5 Modules.PHP Username URI Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7570/info A cross site scripting vulnerability has been reported for PHP-Nuke. Specifically, PHP-Nuke does not sufficiently sanitize user-supplied input for the 'username' URI parameter to the modules.php script. This may...
NukeCalendar 1.1 .a block-Calendar_center.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
Top Music Module 3.0 - SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15581/info Top Music Module for PHP-Nuke is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or oth...
NukeCalendar 1.1 .a eid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
PHP-Nuke 6.0/6.5 Web_Links Module Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7589/info The WebLinks module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information gathered in th...
PHP-Nuke Web_Links Module - 'cid' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27894/info The PHP-Nuke WebLinks module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacke...
NukeCalendar 1.1 .a block-Calendar1.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
PHP-Nuke <= 7.9 Final (phpbb_root_path) Remote File Inclusions
No description provided by source. Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS...
PHP-Nuke < 8.0 (sid) Remote SQL Injection Exploit
No description provided by source. ?php errorreporting EERROR; inisetmaxexecutiontime,0; echo ' +=========================================+ | RST/GHC unpublished PHP Nuke exploit 8 | +=========================================+ + version 8.0 + Tested on 7.9 & 6.0 '; if $argc 2 print Usage: . $argv...
PHP-Nuke 6.0 Web Mail Remote PHP Script Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has been reported that...
PHP-Nuke 6.0 Web Mail Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an email...
PHP-Nuke <= 8.0 Final (sid) Remote SQL Injection Exploit
No description provided by source. ?php UNPUBLISHED RST/GHC EXPLOIT PHP Nuke sid sql injection exploit for Search module POST method - the best for version 8.0 FINAL coded by Foster & 1dt.w0lf tested on 6.0 , 6.6 , 7.9 , 8.0 FINAL versions if isset$POST'Submit'...
PHP-Nuke MyHeadlines 4.3.1 Module Cross-Site Scripting Vulnerability
No description provided by source...
PHP-Nuke 'KuiraniKerim' Module - 'sid' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29261/info The 'KuiraniKerim' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow ...
PHP Nuke 5.0 'user.php' Form Element Substitution Vulnerabilty
No description provided by source. source: http://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may subtitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the webpage locallyas...