1732 matches found
CVE-2004-1840
Multiple cross-site scripting XSS vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the 1 screen parameter to modules.php, 2 modulename parameter to title.php, 3 sortby parameter to modules.php, or 4 overview parameter to...
PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection
PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection source: https://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using ...
PHP-Nuke MS-Analysis Module - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/9947/info It has been reported that MS-Analysis is prone to a multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI parameters. These issues could permit a remote attacke...
CVE-2004-0266
Affects Php-Nuke 6.x to 7.1.0 where the SQL injection vulnerability is in the public_message capability (c_mid parameter) that can disclose the administrator password. Exploitation details or specific patches are not provided in the connected documents. The OpenVAS/Nessus references confirm long-...
CVE-2004-0269
CVE-2004-0269 concerns a SQL injection vulnerability in PHP-Nuke 6.9 and earlier (and possibly 7.x). The vulnerability enables remote attackers to inject arbitrary SQL code and potentially read sensitive information via input in two modules: (1) the category variable in the Search module and (2) ...
CVE-2004-0265
This CVE concerns a Cross-site Scripting (XSS) vulnerability in Php-Nuke 6.x-7.1.0, specifically in modules.php. The vulnerability allows remote attackers to execute arbitrary script as other users by manipulating URL-encoded parameters (1) title or (2) fname in the News or Reviews modules. Affec...
CVE-2004-0266
SQL injection vulnerability in the "public message" capability publicmessage for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the cmid parameter...
CVE-2004-0269
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via 1 the category variable in the Search module or 2 the admin variable in the WebLinks module...
CVE-2004-0265
Cross-site scripting XSS vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded 1 title or 2 fname parameters in the News or Reviews modules...
CVE-2004-1830
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid 1 language, 2 newlang, or 3 lang parameter, which leaks the pathname in a PHP error message...
PHP-Nuke Error Manager Module 2.1 - error.php?language Full Path Disclosure
PHP-Nuke Error Manager Module 2.1 - error.php?language Full Path Disclosure source: https://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional...
PHP-Nuke Error Manager Module 2.1 - error.php Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke Error Manager Module 2.1 - error.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle...
PHP-Nuke Error Manager Module 2.1 - 'error.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors. These issues may be leveraged to carry out...
waraxe-2004-SA005.txt
================================================================================ waraxe-2004-SA005 ================================================================================ XSS in Php-Nuke 7.1.0 - part 2 ================================================================================ Autho...
PHP-Nuke 6.x7.07.1 - Image Tag Admin Command Execution
PHP-Nuke 6.x7.07.1 - Image Tag Admin Command Execution source: https://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in...
[waraxe-2004-SA#005 - XSS in Php-Nuke 7.1.0 - part 2]
================================================================================ waraxe-2004-SA005 ================================================================================ XSS in Php-Nuke 7.1.0 - part 2 ================================================================================ Autho...
PHP-Nuke 6.x/7.0/7.1 - Image Tag Admin Command Execution
source: https://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. This issue may be...
CVE-2004-1819
4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message...
CVE-2004-1820
PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php...
CVE-2004-1817
Cross-site scripting XSS vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 Your Name field, 2 e-mail field, 3 nicname field, 4 fname parameter, 5 ratenum parameter, or 6 search field...