1732 matches found
PHP-Nuke 0-7 - Double Hex Encoded Input Validation
source: https://www.securityfocus.com/bid/13557/info PHP Nuke is prone to an input validation vulnerability. Reports indicate the script fails to correctly identify potentially dangerous characters when the characters are double hex-encoded i.e. %25%41 == %41 == A. A remote attacker may exploit...
CVE-2005-1386
PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to WebLinks with the portuguese language lang-portuguese.php, (7) a request to WebLinks with the...
CVE-2005-1386
CVE-2005-1386 affects PHP-Nuke 7.6 and earlier. A remote attacker could obtain sensitive information via direct requests to specific PHP scripts (ipban.php, db.php, lang-norwegian.php, lang-indonesian.php, lang-greek.php, lang-portuguese.php, and related language/module pages) which disclose the ...
CVE-2005-1180
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the forwarder parameter...
CVE-2005-0996
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function...
CVE-2005-0998
The WebLinks module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server...
CVE-2005-0997
Multiple SQL injection vulnerabilities in the WebLinks module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink...
CVE-2005-1001
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message...
CVE-2005-1023
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid...
CVE-2005-1028
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forumadmin parameter set, (2) the Surveys module, or (3) the YourAccount module, which reveals the path in a PHP error message...
CVE-2005-0901
Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) catname, (2) markname, (3) comment, or (4) category parameter...
CVE-2005-0902
SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter...
CVE-2005-0999
SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter...
CVE-2005-1000
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the WebLinks module, (3) the ttitle paramet...
CVE-2005-1024
modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) myheadlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message...
CVE-2005-1027
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the YourAccount module, (2) avatarcategory parameter in the YourAccount module, or (3) lid parameter in the Downloads module...
Multiples Full Path Disclosure in php-nuke 7.6 (and below)
Multiples Full Path Disclosure in php-nuke 7.6 and below
Author: project-restart
Date: 27. April 2005
Location: Brazil
Web: http://www.project-restart.org/
Target: PHP-nuke 7.6 and below...
CVE-2005-1180
Technical details about CVE-2005-1180 are not publicly provided in the supplied connected documents. The records here restate the vulnerability description without additional specifics on affected versions, fixes, or exploit information. Monitor for updates.