PHP-Nuke 6.x/7.x Your_Account Module - 'Username' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13007/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicio...

PHP-Nuke 6.x/7.x Your_Account Module - Avatarcategory Cross-Site Scripting

source: https://www.securityfocus.com/bid/13010/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicio...

CVE-2005-0900

CVE-2005-0900 affects marks.php in NukeBookmarks 0.6 for PHP-Nuke. Vulnerability: a remote attacker can obtain sensitive information by supplying an invalid (file or category) parameter, causing an error message that reveals the path. Product/version details are as described in the CVE entry; no ...

CVE-2005-0902

CVE-2005-0902 affects NukeBookmarks 0.6 for PHP-Nuke, with an SQL injection in marks.php via the category parameter that allows remote SQL execution. CVSS v2 base score 7.5 (HIGH); impact includes partial confidentiality, integrity, and availability. No remediation or exploit details are provided...

CVE-2005-0901

CVE-2005-0901 affects NukeBookmarks 0.6 for PHP-Nuke with multiple XSS vulnerabilities that allow remote attackers to inject arbitrary scripts via the catname, markname, comment, or category parameters. The NVD entry records a CVSS v2 base score of 4.3 (Medium) with network attack vector, no auth...

CVE-2005-0900

marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid 1 file or 2 category parameter, which reveal the path in an error message...

CVE-2005-0901

Multiple cross-site scripting XSS vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the 1 catname, 2 markname, 3 comment, or 4 category parameter...

CVE-2005-0902

SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter...

ZH2005-03SA.txt

ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Author: Gerardo 'Astharot' Di Giacomo Date: 26 March 2005 Product: NukeBookmarks .6 URL: http://nukebookmarks.sourceforge.net/ About the product ----------------- From the home page: "Nuke Bookmarks is a module for PHP-Nuke that allows...

CVE-2005-0900

marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid 1 file or 2 category parameter, which reveal the path in an error message...

html code include in phpnuke news crash IE 6

www.wormzweb.tk ------------------------------------------------------------------------ ------------------------------------------------------------------------ ENGLISH ------------------------------------------------------------------------...

Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access

-------------------------------------------------------------------- Virginity Security Advisory 2005-002 - - - -------------------------------------------------------------------- DATE : 2005-03-13 15:11 GMT TYPE : remote VERSIONS AFFECTED : hola-cms-1.4.9-1 http://holacms.drunkencat.net/...

PHP-Nuke paBox Module Hidden Parameter XSS

Binary data 2702.prm...

CVE-2005-0613

Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...

CVE-2005-0613

CVE-2005-0613 concerns an vulnerability in the FCKeditor 2.0 RC2 when used with PHP-Nuke, allowing remote attackers to upload arbitrary files. The issue is evidenced across multiple sources in the connected documents, which identify the affected component as the FCKeditor add-on for PHP-Nuke and ...

FCKeditor for PHP-Nuke Arbitrary File Upload

The remote host is running a version of the FCKeditor add-on for PHP-Nuke that allows a remote attacker to upload arbitrary files and run them in the context of the web server user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

CVE-2005-0613

Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...

PHP-Nuke 7.4 WebLinks SQL-Injection

Version: 7.4 Module: WebLinks function: TopRated //...... function TopRated$ratenum, $ratetype //........ if $ratenum != "" && $ratetype != "" $toplinks = $ratenum; //........... $result = $db-sqlquery"SELECT lid, cid, sid, title, description, date, hits, linkratingsummary, totalvotes,...

CVE-2004-1530

CVE-2004-1530 is a SQL injection vulnerability in the PHP-Nuke Event Calendar module 2.13. The flaw is triggered by unsanitized input in the (1) eid and (2) cid parameters, allowing remote attackers to execute arbitrary SQL commands. Documented impact indicates potential for partial confidentiali...

CVE-2004-1529

CVE-2004-1529 refers to a Cross-site Scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke. The issue allows remote attackers to trigger script execution by supplying malicious input in the Preview operation via the parameters (type, day, month, year) or in event comments. ...