CVE-2004-2293

Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the 1 eid parameter or 2 query parameter to the Encyclopedia module, 3 previewreview function in the Reviews module as demonstrated by the url, cover,...

CVE-2004-2296

The previewreview function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message...

CVE-2004-2297

The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service CPU and memory consumption via a large, out-of-range score parameter...

CVE-2004-2352

Cross-site scripting XSS vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $COOKIE PHP variable, which is not cleansed by PHP-Nuke...

CVE-2004-2295

SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter...

CVE-2004-1842

Cross-site request forgery CSRF vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php...

CVE-2004-1914

SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter...

CVE-2004-2020

Multiple cross-site scripting XSS vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the 1 optionbox parameter in the News module, 2 date parameter in the Statistics module, 3 year, month, and month1 parameters in the StoriesArchive...

CVE-2004-1529

Cross-site scripting XSS vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the 1 type, 2 day, 3 month, or 4 year parameters in a Preview operation, or 5 event comments...

CVE-2004-1530

SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the 1 eid or 2 cid parameters...

CVE-2004-1528

The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to 1 config.php, 2 index.php, or 3 submit.php, which reveal the full path in an error message...

CVE-2004-1913

Cross-site scripting XSS vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter...

CVE-2004-2019

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message...

CVE-2004-2018

PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code...

PT-2004-2741 · Php Nuke · Php-Nuke

Name of the Vulnerable Software and Affected Versions: Php-Nuke versions 6.x through 7.1.0 Description: A cross-site request forgery issue allows remote attackers to gain administrative privileges. This can be achieved via an img tag with a URL to "admin.php". Recommendations: For Php-Nuke versio...

[SA13574] PHP-Nuke Workboard Module Cross-Site Scripting

TITLE: PHP-Nuke Workboard Module Cross-Site Scripting SECUNIA ADVISORY ID: SA13574 VERIFY ADVISORY: http://secunia.com/advisories/13574/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Workboard 1.x module for PHP-Nuke http://secunia.com/product/4432/ DESCRIPTION...

CVE-2004-0266

SQL injection vulnerability in the "public message" capability publicmessage for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the cmid parameter...

CVE-2004-0269

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via 1 the category variable in the Search module or 2 the admin variable in the WebLinks module...

CVE-2004-0265

Cross-site scripting XSS vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded 1 title or 2 fname parameters in the News or Reviews modules...

PHP-Nuke SQL Injection Edit/Save Message(s) Bug

Exploit for unknown platform in category web applications =============================================== PHP-Nuke SQL Injection Edit/Save Messages Bug =============================================== !/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy ...