CVE-2004-1913

Cross-site scripting XSS vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter...

CVE-2004-1914

SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter...

CVE-2004-1929

SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter...

CVE-2004-1930

Cross-site scripting XSS vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie...

CVE-2004-1959

blockerquery.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message...

CVE-2004-1971

modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid 1 catid or 2 clipid parameter, which reveals the full path in an error message...

CVE-2004-1972

SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the 1 clipid or 2 catid parameters in a viewclip, viewcat, or voteclip action...

CVE-2004-1998

The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message...

CVE-2004-1999

Cross-site scripting XSS vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the 1 ttitle or 2 sid parameters to modules.php...

CVE-2004-2000

SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the 1 orderby or 2 sid parameters to modules.php...

CVE-2004-2018

PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code...

CVE-2004-2044

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi PHP function with $SERVER'PHPSELF' to identify the calling script, which allows remote attackers to directly access scripts,...

CVE-2004-1819

4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message...

CVE-2004-1817

Cross-site scripting XSS vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 Your Name field, 2 e-mail field, 3 nicname field, 4 fname parameter, 5 ratenum parameter, or 6 search field...

CVE-2004-1929

Affected software : PHP-Nuke 6.x through 7.2. Vulnerability : SQL injection in the bblogin function (functions.php) that allows remote attackers to bypass authentication by injecting base64-encoded SQL into the user parameter. Root cause : Improper handling/validation of user input in the login p...

CVE-2004-1840

Multiple cross-site scripting XSS vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the 1 screen parameter to modules.php, 2 modulename parameter to title.php, 3 sortby parameter to modules.php, or 4 overview parameter to...

CVE-2004-2020

Multiple cross-site scripting XSS vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the 1 optionbox parameter in the News module, 2 date parameter in the Statistics module, 3 year, month, and month1 parameters in the StoriesArchive...

CVE-2004-1932

SQL injection vulnerability in 1 auth.php and 2 admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter...

CVE-2004-1820

The CVE-2004-1820 entry concerns PHP remote file inclusion in displaycategory.php of 4nalbum 0.92 running on PHP-Nuke 6.5–7.0. The underlying flaw allows an attacker to cause arbitrary PHP code execution by altering the basepath parameter to point to a URL on a remote web server that serves fileF...

CVE-2004-1842

PHP-Nuke 6.x through 7.1.0 is affected by a CSRF that lets an attacker gain administrative privileges via an image tag pointing to admin.php. The PT-2004-2741 entry confirms the issue and recommends upgrading to a version containing the fix; no specific fixed version is provided in the sources.