1732 matches found
CVE-2006-1847
SQL injection vulnerability in the YourAccount module in PHP-Nuke 7.8 might allow remote attackers to execute arbitrary SQL commands via the userid parameter in the YourHome functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2005-4781
CVE-2005-4781 refers to multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke. The vulnerabilities allow remote attackers to inject arbitrary SQL via the parameters (1) idartist, (2) idsong, and (3) idalbum in modules.php. The NVD entry lists a CVSS2 ...
CVE-2005-4781
Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php...
[Full-disclosure] PHP-NUKE Submit_News Cross-Site Scripting Vulnerability
Advisory 9 Title: PHP-NUKE Submit_News Cross-Site Scripting Vulnerability Author: 0ozeuso0 Contact: [email protected] Website: www.elitemexico.org Date: 01/03/2006 Risk: High Vendor Url: http://www.phpnuke-espanol.org/ Affected Software: php-nuke Non Affected: We Are: olimpus klan team Info:...
Sql injection
SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter...
Sql injection
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter...
CVE-2006-0908
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter...
CVE-2006-0907
SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter...
CVE-2006-0908
CVE-2006-0908 affects PHP-Nuke 7.8 Patched 3.2. A remote attacker can bypass SQL injection protections via /%2a (/*) sequences containing the word ad_click in the query string (kala parameter). The NVD description notes this as a SQL injection bypass vulnerability with a base CVSSv2 score of 7.5 (H...
CVE-2006-0907
CVE-2006-0907 affects PHP-Nuke before 7.8 Patched 3.2, where remote attackers can inject SQL via encoded /%2a (/*) sequences in the query string (e.g., kala parameter) that bypass regex protections. The issue enables arbitrary SQL execution and requires an upgrade to the p...
PHP-Nuke 7.8 - Mainfile.php SQL Injection
PHP-Nuke 7.8 - Mainfile.php SQL Injection source: https://www.securityfocus.com/bid/16831/info PHP-Nuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation...
PHP-Nuke 7.8 - 'Mainfile.php' SQL Injection
source: https://www.securityfocus.com/bid/16831/info PHP-Nuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the...
PHP-Nuke 7.5 - 7.8 (Search) Remote SQL Injection Exploit
No description provided by source. Copyright (C) 2006 Untruth Labs Critical sql injection in phpNuke 7.5-7.8 Exploit coded by unitedbr greetz: paulin, barros, xgc found by Janek Vind "waraxe" Original advisory:...
PHP-Nuke 7.5 7.8 - Search SQL Injection
PHP-Nuke 7.5 7.8 - Search SQL Injection Copyright (C) 2006 Untruth Labs Critical sql injection in phpNuke 7.5-7.8 Exploit coded by unitedbr greetz: paulin, barros, xgc found by Janek Vind "waraxe" Original advisory:...
PHP-Nuke 7.5 - 7.8 (Search) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. PHP-Nuke 7.5 - 7.8 Search Remote SQL Injection Exploit...
PHP-Nuke 7.5 < 7.8 - 'Search' SQL Injection
Copyright (C) 2006 Untruth Labs Critical sql injection in phpNuke 7.5-7.8 Exploit coded by unitedbr greetz: paulin, barros, xgc found by Janek Vind "waraxe" Original advisory: http://www.waraxe.us/advisory-46.html...
dragonflycms9.0.6.1.txt
Multiple Cross site scripting in dragonflycms 9.0.6.1 Vendor url: http://dragonflycms.org/ Advisory: http://lostmon.blogspot.com/2006/02/multiple-cross-site-scripting-in.html Vendor notify: exploit available: yes Description: "Dragonfly CMS is a powerful, feature-rich, Open Source content...
Design/Logic Flaw
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying tha...