PHP-Nuke Module htmltonuke 2.0alpha (htmltonuke.php) RFI Vuln

No description provided by source. htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork : "/nuke/htmltonuke.php" - "htmltonuke.php" Found by &...

PHP-Nuke IFrame Module IFrame.PHP远程文件包含漏洞

PHP-Nuke IFrame Module是一款基于PHP的WEB应用程序。 PHP-Nuke IFrame Module不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'IFrame.PHP'脚本对用户提交的'file'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 PHP-Nuke iFrame Module 目前没有解决方案提供： http://phpnuke.org/modules.php?name=Downloads&dop=viewdownload&cid=3...

htmltonuke-rfi.txt

htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork : "/nuke/htmltonuke.php" - "htmltonuke.php" Found by & Contact : Cold z3ro ,...

Cross site scripting

Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...

CVE-2007-1520

The cross-site request forgery CSRF protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTPREFERER, which allows remote attackers to conduct CSRF attacks...

Cross site request forgery (csrf)

The cross-site request forgery CSRF protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTPREFERER, which allows remote attackers to conduct CSRF attacks...

CVE-2007-1519

Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...

CVE-2007-1520

The cross-site request forgery CSRF protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTPREFERER, which allows remote attackers to conduct CSRF attacks...

CVE-2007-1519

PHP-Nuke (versions 8.0 and earlier) is affected by a cross-site scripting (XSS) issue in modules.php, exploitable via the query parameter in the Downloads module search. This is a remote XSS vulnerability in PHP-Nuke INP/Downloads search path; the exact root cause is a failure to sanitize input i...

CVE-2007-1520

The CVE-2007-1520 issue affects PHP-Nuke 8.0 and earlier, where CSRF protection fails to verify that the SERVER superglobal is an array before validating HTTP_REFERER. This logic flaw enables CSRF attacks against vulnerable PHP-Nuke installations. The vulnerability is described in multiple source...

PHP-Nuke Module htmltonuke 2.0alpha - 'htmltonuke.php' Remote File Inclusion

htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork : "/nuke/htmltonuke.php" - "htmltonuke.php" Found by & Contact : Cold z3ro ,...

PHP-Nuke Module htmltonuke 2.0alpha (htmltonuke.php) RFI Vuln

Exploit for unknown platform in category web applications ============================================================= PHP-Nuke Module htmltonuke 2.0alpha htmltonuke.php RFI Vuln ============================================================= htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.p...

PHP-Nuke Module htmltonuke 2.0alpha - htmltonuke.php Remote File Inclusion

PHP-Nuke Module htmltonuke 2.0alpha - htmltonuke.php Remote File Inclusion htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork :...

PT-2007-2909 · Php Nuke · Php-Nuke

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 8.0 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module. Recommendations: For PHP-Nuk...

PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion

!/usr/bin/perl Modulo Splatt Forum v4.0 RC1bbcoderef.php nameLocal File Include Exploit D.Script: http://sourceforge.net/projects/splattforum/ V.Code $modulename = $name; -------- Line : 17 include"modules/".$modulename."/functions.php"; -------- Line : 19 Dork: "Splatt Forum©" Discovered & Coded...

PHP-Nuke Module splattforum 4.0 RC1 Local File Inclusion Exploit

Exploit for unknown platform in category web applications ================================================================ PHP-Nuke Module splattforum 4.0 RC1 Local File Inclusion Exploit ================================================================ !/usr/bin/perl Modulo Splatt Forum v4.0...

PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion

PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion !/usr/bin/perl Modulo Splatt Forum v4.0 RC1bbcoderef.php nameLocal File Include Exploit D.Script: http://sourceforge.net/projects/splattforum/ V.Code $modulename = $name; -------- Line : 17 include"modules/".$modulename."/functions.php";...

PHP-Nuke - 'iframe.php' Remote File Inclusion

iFRAME for PhpNuke iframe.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=uTRRQnIjG file : iframe.php Dork : "/nuke/iframe.php" Found by & Contact : Cold z3ro , [email protected] , http://hack-teach.com/ ifsubstr$file,-4!=".htm" ...

PHP-Nuke - iframe.php Remote File Inclusion

PHP-Nuke - iframe.php Remote File Inclusion iFRAME for PhpNuke iframe.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=uTRRQnIjG file : iframe.php Dork : "/nuke/iframe.php" Found by & Contact : Cold z3ro , [email protected] ,...

Sql injection

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter...