1732 matches found
CVE-2005-0996
CVE-2005-0996 involves multiple SQL injection vulnerabilities in the Downloads module of PHP-Nuke 7.6. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) email or url parameters in Add, (2) min parameter in viewsdownload, and (3) min parameter in search. Affected pr...
CVE-2005-1000
Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via 1 the bid parameter to the EmailStats op in banners.pgp, 2 the ratenum parameter in the TopRated and MostPopular actions in the WebLinks module, 3 the ttitle paramet...
CVE-2005-0996
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via 1 the email or url parameters in the Add function, 2 the min parameter in the viewsdownload function, or 3 the min parameter in the search function...
CVE-2005-1001
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to 1 the Surveys module with the file parameter set to comments or 2 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message...
CVE-2005-0997
Multiple SQL injection vulnerabilities in the WebLinks module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via 1 the email or url parameters in the Add function, 2 the url parameter in the modifylinkrequestS function, 3 the orderby or min parameters in the viewlink...
CVE-2005-0998
The WebLinks module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server...
CVE-2005-0999
SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter...
PHP-Nuke 6.x - 7.6 Top module Remote Sql Injection Exploit (working)
Exploit for unknown platform in category web applications ==================================================================== PHP-Nuke 6.x - 7.6 Top module Remote Sql Injection Exploit working ==================================================================== /bin/bash This is just basic-ly...
PHP-Nuke 7.6 Web_Links Module - Multiple SQL Injections
PHP-Nuke 7.6 WebLinks Module - Multiple SQL Injections source: https://www.securityfocus.com/bid/13055/info The WebLinks module of PHP-Nuke is affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before...
PHP-Nuke 7.6 Web_Links Module - Multiple SQL Injections
source: https://www.securityfocus.com/bid/13055/info The WebLinks module of PHP-Nuke is affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could...
PHP-Nuke 7.6 - banners.php Cross-Site Scripting
PHP-Nuke 7.6 - banners.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13026/info PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...
PHP-Nuke 7.6 - 'banners.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13026/info PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in t...
PHP-Nuke 7.6 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13025/info PHP-Nuke is reportedly affected by multiple cross-site scripting vulnerabilities in the WebLinks Module. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to hav...
PHP-Nuke 7.6 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 7.6 WebLinks Module - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/13025/info PHP-Nuke is reportedly affected by multiple cross-site scripting vulnerabilities in the WebLinks Module. These issues are due to a failure in the application to proper...
PHP-Nuke 6.x7.x Your_Account Module - Avatarcategory Cross-Site Scripting
PHP-Nuke 6.x7.x YourAccount Module - Avatarcategory Cross-Site Scripting source: https://www.securityfocus.com/bid/13010/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly...
PHP-Nuke 6.x7.x Your_Account Module - Username Cross-Site Scripting
PHP-Nuke 6.x7.x YourAccount Module - Username Cross-Site Scripting source: https://www.securityfocus.com/bid/13007/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize...
PHP-Nuke 6.x7.x Downloads Module - Lid Cross-Site Scripting
PHP-Nuke 6.x7.x Downloads Module - Lid Cross-Site Scripting source: https://www.securityfocus.com/bid/13011/info It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize...
[SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PhpNuke 7.6=x Multiple vulnerabilities cXIb8O3.12 Author: Maksymilian Arciemowicz cXIb8O3 Date: 3.3.2005 from securityreason.com TEAM - --- 0. For --- This adv. is only for John Poul II, Polish Pope. Peace! - --- 1.Description --- PHP-Nuke is a Web...
Full path disclosure and XSS in PHPNuke
-= SecurityReason-2005-SRA04 =- -= Full path disclosure and XSS in PHPNuke =- Author: sp3x Date: 3. April 2005 In Memory of John Poul II : =========================== "Love converts hearts and gives peace," - John Poul II The Great "To mio nawraca serca i daruje pokуj ludzkoci, ktуra wydaje si...
PHP-Nuke 6.x/7.x 'Downloads' Module - 'Lid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13011/info It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicious...