CVE-2004-1998

The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message...

phpnukeVideo.txt

Adivore: http://bichosoft.webcindario.com/advisory-03.txt =========================================================================== =================== Multiple vulnerabilities PHP-Nuke ===================== =================== Video Gallery Module for PHP-Nuke ===================== PROGRAM:...

[Full-Disclosure] Multiple vulnerabilities PHP-Nuke Video Gallery Module for PHP-Nuke

Adivore: http://bichosoft.webcindario.com/advisory-03.txt =========================================================================== =================== Multiple vulnerabilities PHP-Nuke ===================== =================== Video Gallery Module for PHP-Nuke ===================== PROGRAM:...

CVE-2004-1971

modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid 1 catid or 2 clipid parameter, which reveals the full path in an error message...

CVE-2004-1972

SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the 1 clipid or 2 catid parameters in a viewclip, viewcat, or voteclip action...

PHP-Nuke 7.2 Multiple Video Gallery Module - SQL Injection

PHP-Nuke 7.2 Multiple Video Gallery Module - SQL Injection source: https://www.securityfocus.com/bid/10215/info Reportedly the PHP-Nuke Video Gallery module is affected by multiple SQL injection vulnerabilities. This is due to a failure of the application to properly sanitize user-supplied input...

CVE-2004-1929

SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter...

PHP-Nuke 6.x/7.x - Multiple SQL Injections

source: https://www.securityfocus.com/bid/10135/info Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input. As a result of these issues an attacker could modify the logic and structure ...

PHP-Nuke 6.x7.x - CookieDecode Cross-Site Scripting

PHP-Nuke 6.x7.x - CookieDecode Cross-Site Scripting source: https://www.securityfocus.com/bid/10128/info Reportedly PHP-NuKe is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the 'cookiedecode' function to properly sanitize user supplied cookie parameters...

PHP-Nuke 6.x7.x - Multiple SQL Injections

PHP-Nuke 6.x7.x - Multiple SQL Injections source: https://www.securityfocus.com/bid/10135/info Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input. As a result of these issues an...

[waraxe-2004-SA#016 - Cross-Site Scripting aka XSS in phpnuke 6.x-7.2 part 3]

================================================================================ waraxe-2004-SA016 ================================================================================ Cross-Site Scripting aka XSS in phpnuke 6.x-7.2 part 3...

[waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2]

================================================================================ waraxe-2004-SA018 ================================================================================ Admin-level authentication bypass in phpnuke 6.x-7.2...

PHP-Nuke 6.x/7.x - CookieDecode Cross-Site Scripting

source: https://www.securityfocus.com/bid/10128/info Reportedly PHP-NuKe is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the 'cookiedecode' function to properly sanitize user supplied cookie parameters. These issues could permit a remote attacker to crea...

CVE-2004-1932

SQL injection vulnerability in 1 auth.php and 2 admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter...

CVE-2004-1930

Cross-site scripting XSS vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie...

[waraxe-2004-SA#015 - Multiple vulnerabilities in NukeCalendar v1.1.a]

================================================================================ waraxe-2004-SA015 ================================================================================ Multiple vulnerabilities in NukeCalendar v1.1.a...

NukeCalendar 1.1.a - 'block-Calendar1.php' Full Path Disclosure

source: https://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences include disclosure of sensitive...

waraxe-2004-SA015.txt

================================================================================ waraxe-2004-SA015 ================================================================================ Multiple vulnerabilities in NukeCalendar v1.1.a...

[waraxe-2004-SA#011 - Multiple vulnerabilities in MS Analysis v2.0 module for PhpNuke]

================================================================================ waraxe-2004-SA011 ================================================================================ Multiple vulnerabilities in MS Analysis v2.0 module for PhpNuke...

CVE-2004-1839

MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to 1 browsers.php, 2 mstrack.php, or 3 title.php, which reveal the full path in a PHP error message...