1732 matches found
PHP-Nuke Software Detection
Binary data 1591.prm...
Cross-Site Scripting (XSS) in Php-Nuke 7.1.0
Affected software description: Php-Nuke is popular freeware content management system, written in php by Francisco Burzi. This CMS COntent Management System is used on many thousands websites, because its free of charge, easy to install and has broad set of features. Homepage: http://phpnuke.org...
PHP-Nuke 0-7 - Delete God Admin Access Control Bypass
source: https://www.securityfocus.com/bid/10861/info PHP-Nuke is reported prone to an access control bypass vulnerability. Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke "God Admin" account. This may be accomplished by maki...
PHP-Nuke 0-7 - Delete God Admin Access Control Bypass
PHP-Nuke 0-7 - Delete God Admin Access Control Bypass source: https://www.securityfocus.com/bid/10861/info PHP-Nuke is reported prone to an access control bypass vulnerability. Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke...
CVE-2004-0738
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the 1 min or 2 categ parameters...
CVE-2004-0732
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter...
CVE-2004-0731
Cross-site scripting XSS vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field...
CVE-2004-0737
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the 1 sid, 2 max, 3 sel1, 4 sel2, 5 sel3, 6 sel4, 7 sel5, 8 match, 9 mod1, 10 mod2, or 11 mod3 parameters...
CVE-2004-0736
The search module in Php-Nuke allows remote attackers to gain sensitive information via the 1 "" or 2 "+" search patterns, which reveals the path in an error message...
CVE-2004-0738
The CVE-2004-0738 entry documents multiple SQL injection vulnerabilities in the Php-Nuke Search module, exploitable via the min or categ parameters to allow remote arbitrary SQL execution. Affected software: Php-Nuke (Search module). Root cause: input unsafely concatenated into SQL queries (as de...
CVE-2004-0737
CVE-2004-0737 concerns Php-Nuke’s Search module (index.php). The advisory notes multiple cross-site scripting vulnerabilities exploitable through 11 parameters (sid, max, sel1–sel5, match, mod1–mod3), allowing remote injection of arbitrary script/HTML. The root cause implied is insufficient input...
CVE-2004-0736
CVE-2004-0736 affects Php-Nuke’s search module. The issue lets remote attackers glean sensitive information by using the (1) "**" and (2) "+" search patterns, which reveal the application path in error messages. The available documents do not specify affected Php-Nuke versions or a concrete patch...
CVE-2004-0731
CVE-2004-0731 describes a cross-site scripting (XSS) vulnerability in the Php-Nuke software, specifically in index.php within the Search module. The issue allows remote attackers to inject arbitrary script as other users via the input field. The CVSS metrics indicate a network-accessible flaw wit...
CVE-2004-0732
CVE-2004-0732 describes a SQL injection in Php-Nuke’s Search module (index.php) exploitable via the instory parameter. Root cause: insufficient input validation in the Search module, enabling remote attackers to inject arbitrary SQL. Impact per CVSSv2 is partial disclosure, modification, and disr...
CVE-2004-0731
Cross-site scripting XSS vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field...
CVE-2004-0732
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter...
CVE-2004-0736
The search module in Php-Nuke allows remote attackers to gain sensitive information via the 1 "" or 2 "+" search patterns, which reveals the path in an error message...
CVE-2004-0737
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the 1 sid, 2 max, 3 sel1, 4 sel2, 5 sel3, 6 sel4, 7 sel5, 8 match, 9 mod1, 10 mod2, or 11 mod3 parameters...
CVE-2004-0738
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the 1 min or 2 categ parameters...
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/10595/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting, HTML injection, and SQL injection attacks. Although unconfirmed,...