1732 matches found
CVE-2004-1821
SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter...
CVE-2004-1819
4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message...
PHP-Nuke 7.1 Recommend_Us Module - fname Cross-Site Scripting
PHP-Nuke 7.1 RecommendUs Module - fname Cross-Site Scripting source: https://www.securityfocus.com/bid/9879/info It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via...
PHP-Nuke 7.1 Recommend_Us Module - 'fname' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9879/info It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search'...
[waraxe-2004-SA#003] - SQL injection in Php-Nuke 7.1.0
================================================================================ waraxe-2004-SA003 ================================================================================ SQL injection in Php-Nuke 7.1.0 ================================================================================...
PHP-Nuke 6.x7.0 News Module - Cross-Site Scripting
PHP-Nuke 6.x7.0 News Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/9605/info It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information...
PHP-Nuke 6.x7.x Reviews Module - Cross-Site Scripting
PHP-Nuke 6.x7.x Reviews Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/9613/info It has been reported that the PHP-Nuke module 'Reviews' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied...
PHP-Nuke 6.x7.x - Public Message SQL Injection
PHP-Nuke 6.x7.x - Public Message SQL Injection source: https://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to t...
[waraxe-2004-SA#002] - Cross-Site Scripting (XSS) in Php-Nuke 7.1.0
================================================================================ waraxe-2004-SA002 ================================================================================ Cross-Site Scripting XSS in Php-Nuke 7.1.0...
PHP-Nuke 6.x/7.0 'News' Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9605/info It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow for execution of hostile HTML and...
PHP-Nuke 6.x/7.x - Public Message SQL Injection
source: https://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to the module. As a result, an attacker could modif...
PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9613/info It has been reported that the PHP-Nuke module 'Reviews' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow for execution of hostile HTML a...
[waraxe-2004-SA#001] - Script injection in GBook for Php-Nuke ver. 1.0
================================================================================ waraxe-2004-SA001 ================================================================================ Script injection in GBook for Php-Nuke ver. 1.0...
PHP-Nuke 6.x (Multiple Modules) - SQL Injection
PHP-Nuke 6.x Multiple Modules - SQL Injection source: https://www.securityfocus.com/bid/9544/info Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke...
PHP-Nuke 6.x (Multiple Modules) - SQL Injection
source: https://www.securityfocus.com/bid/9544/info Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke administrative accounts. Other attacks may also be...
SCSA027.txt
====================================================================== Security Corporation Security Advisory SCSA-027 PHP-Nuke 6.9 SQL Injection Vulnerability ====================================================================== PROGRAM: PHP-Nuke HOMEPAGE: http://www.phpnuke.org VULNERABLE...
CVE-2003-1400
Cross-site scripting XSS vulnerability in the YourAccount module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the useravatar parameter...
CVE-2003-1340
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via 1 a uid user cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid admin cookie to the WebLinks module in ...
CVE-2003-1468
The WebLinks module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message...
CVE-2003-1547
Cross-site scripting XSS vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter...