CVE-2005-1180
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the forwarder parameter...
PHPNukeXSS2.txt
PhpNuke 7.6=x Multiple vulnerabilities cXIb8O3.12 Author: Maksymilian Arciemowicz cXIb8O3 Date: 3.3.2005 from securityreason.com TEAM --- 0. For --- This adv. is only for John Poul II, Polish Pope. Peace! --- 1.Description --- PHP-Nuke is a Web...
PHPNukeXSS.txt
-= SecurityReason-2005-SRA04 =- -= Full path disclosure and XSS in PHPNuke =- Author: sp3x Date: 3. April 2005 In Memory of John Poul II : =========================== "Love converts hearts and gives peace," - John Poul II The Great "To miłość nawraca serca i daruje pokój ludzkości, która wydaje s...
Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below
Dcrab's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Http Response Splitting...
PHP-Nuke 7.6 Surveys Module - HTTP Response Splitting
PHP-Nuke 7.6 Surveys Module - HTTP Response Splitting source: https://www.securityfocus.com/bid/13201/info PHP-Nuke is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this...
PHP-Nuke 7.6 Surveys Module - HTTP Response Splitting
source: https://www.securityfocus.com/bid/13201/info PHP-Nuke is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how Web...
CVE-2005-1024
CVE-2005-1024 affects PHP-Nuke 6.x to 7.6. The issue is an information disclosure via direct requests to my_headlines, userinfo, or search, which causes a PHP error that reveals the path. No explicit root cause or vulnerable version patch is provided in the connected documents, and exploitation d...
CVE-2005-1023
CVE-2005-1023: XSS vulnerabilities in PHP-Nuke 6.x–7.6 allow remote attackers to inject arbitrary script/HTML via specific parameters in Search, FAQ, and Encyclopedia modules (min, categories, ltr). The note clarifies that the related banner issue is covered by CVE-2005-1000. Connected documents...
CVE-2005-1027
The vulnerability concerns PHP-Nuke 6.x through 7.6 with multiple stored/reflected XSS vectors in the web interface. Specifically, arbitrary web script/HTML can be injected via the username parameter in the Your_Account module, the avatarcategory parameter in the Your_Account module, or the lid p...
CVE-2005-1023
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid...
CVE-2005-1024
modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message...
CVE-2005-1027
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module...
CVE-2005-1028
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message...
CVE-2005-1028
PHP-Nuke 6.x through 7.6 contains an information disclosure vulnerability where remote attackers can obtain sensitive information by directly requesting (1) index.php with the forum_admin parameter, (2) the Surveys module, or (3) the Your_Account module. The attack reveals the path in a PHP error...
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Downloads Module cXIb8O3.13
phpnuke 7.6 Multiple vulnerabilities in Downloads Module cXIb8O3.13 Author: Maksymilian Arciemowicz cXIb8O3 Date: 5.4.2005 from securityreason.com TEAM --- 0.Description --- PHP-Nuke is a Web Portal System, storytelling software, news system, online...
CVE-2005-1000
CVE-2005-1000: XSS in PHP-Nuke 7.6. Affected components include banners.pgp (EmailStats op) via bid, Web_Links (TopRated/MostPopular via ratenum, viewlinkdetails/editorial/comments/ratelink via ttitle), and Your_Account (username). Root cause is improper handling of user-supplied parameters leadi...
CVE-2005-0998
The CVE-2005-0998 entry concerns the Web_Links module of PHP-Nuke 7.6. Reported vulnerability: an invalid show parameter triggers a division-by-zero PHP error, causing leakage of the server’s full pathname. Affected component: Web_Links module (PHP-Nuke 7.6). Impact: remote attackers could obtain...
CVE-2005-1001
PHP-Nuke 7.6 is affected by CVE-2005-1001, where remote attackers can obtain sensitive information. The vulnerability arises from direct requests to the Surveys module (file parameter set to comments) or to 3D-Fantasy/theme.php, which causes a PHP error message that leaks the full server pathname...
CVE-2005-0997
CVE-2005-0997 concerns multiple SQL injection vulnerabilities in the Web_Links module of PHP-Nuke 7.6. The affected component appears to be the Web_Links module, with vulnerable input handling in: (1) email or url parameters in Add, (2) url parameter in modifylinkrequestS, (3) orderby/min in vie...
CVE-2005-0999
The CVE-2005-0999 entry concerns the Top module of PHP-Nuke, affected versions 6.x through 7.6. The vulnerability is a SQL injection that lets remote attackers execute arbitrary SQL commands through the querylang parameter. This is documented in multiple sources (NVD/CVE records) as a SQL injecti...