PHP-Nuke 7.6 - banners.php Cross-Site Scripting

PHP-Nuke 7.6 - banners.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13026/info PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...

PHP-Nuke 7.6 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/13025/info PHP-Nuke is reportedly affected by multiple cross-site scripting vulnerabilities in the WebLinks Module. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to hav...

PHP-Nuke 7.6 - 'banners.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13026/info PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in t...

PHP-Nuke 6.x7.x Downloads Module - Lid Cross-Site Scripting

PHP-Nuke 6.x7.x Downloads Module - Lid Cross-Site Scripting source: https://www.securityfocus.com/bid/13011/info It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize...

[SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PhpNuke 7.6=x Multiple vulnerabilities cXIb8O3.12 Author: Maksymilian Arciemowicz cXIb8O3 Date: 3.3.2005 from securityreason.com TEAM - --- 0. For --- This adv. is only for John Poul II, Polish Pope. Peace! - --- 1.Description --- PHP-Nuke is a Web...

PHP-Nuke 6.x/7.x 'Downloads' Module - 'Lid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13011/info It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicious...

CVE-2005-0901

Multiple cross-site scripting XSS vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the 1 catname, 2 markname, 3 comment, or 4 category parameter...

CVE-2005-0900

CVE-2005-0900 affects marks.php in NukeBookmarks 0.6 for PHP-Nuke. Vulnerability: a remote attacker can obtain sensitive information by supplying an invalid (file or category) parameter, causing an error message that reveals the path. Product/version details are as described in the CVE entry; no ...

CVE-2005-0901

CVE-2005-0901 affects NukeBookmarks 0.6 for PHP-Nuke with multiple XSS vulnerabilities that allow remote attackers to inject arbitrary scripts via the catname, markname, comment, or category parameters. The NVD entry records a CVSS v2 base score of 4.3 (Medium) with network attack vector, no auth...

CVE-2005-0902

CVE-2005-0902 affects NukeBookmarks 0.6 for PHP-Nuke, with an SQL injection in marks.php via the category parameter that allows remote SQL execution. CVSS v2 base score 7.5 (HIGH); impact includes partial confidentiality, integrity, and availability. No remediation or exploit details are provided...

CVE-2005-0902

SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter...

ZH2005-03SA.txt

ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Author: Gerardo 'Astharot' Di Giacomo Date: 26 March 2005 Product: NukeBookmarks .6 URL: http://nukebookmarks.sourceforge.net/ About the product ----------------- From the home page: "Nuke Bookmarks is a module for PHP-Nuke that allows...

html code include in phpnuke news crash IE 6

www.wormzweb.tk ------------------------------------------------------------------------ ------------------------------------------------------------------------ ENGLISH ------------------------------------------------------------------------...

Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access

-------------------------------------------------------------------- Virginity Security Advisory 2005-002 - - - -------------------------------------------------------------------- DATE : 2005-03-13 15:11 GMT TYPE : remote VERSIONS AFFECTED : hola-cms-1.4.9-1 http://holacms.drunkencat.net/...

PHP-Nuke paBox Module Hidden Parameter XSS

Binary data 2702.prm...

CVE-2005-0613

Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...

CVE-2005-0613

CVE-2005-0613 concerns an vulnerability in the FCKeditor 2.0 RC2 when used with PHP-Nuke, allowing remote attackers to upload arbitrary files. The issue is evidenced across multiple sources in the connected documents, which identify the affected component as the FCKeditor add-on for PHP-Nuke and ...

FCKeditor for PHP-Nuke Arbitrary File Upload

The remote host is running a version of the FCKeditor add-on for PHP-Nuke that allows a remote attacker to upload arbitrary files and run them in the context of the web server user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

CVE-2005-0613

Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...

CVE-2004-1528

The CVE-2004-1528 issue affects the Event Calendar module 2.13 for PHP-Nuke. It allows remote attackers to disclose sensitive information by triggering errors in HTTP requests to config.php, index.php, or submit.php, revealing the full path in an error message. The documentation does not specify ...