CVE-2003-0318

The CVE-2003-0318 entry describes a Cross-site Scripting (XSS) vulnerability in the Statistics module of PHP-Nuke 6.0 and earlier. An attacker could inject arbitrary script via the year parameter, affecting PHP-Nuke’s Statistics component. The NVD entry lists a base score of 4.3 (Medium) with I:P...

PHP-Nuke module PHP-Banner-Exchange path disclosure

------- Product: PHP-Nuke Vendor: F.Burzi Module: PHP-Banner Exchange Version: 1.2 ------- Accessing directly to the PHP Banner Exchange module and without a specified file : http://target/modules/phpbannerexchange/ phpbannerexchange module directory you get this: Warning: mainmainfile.php...

PHP-Nuke Denial of Service attack and more SQL Injections

------- Product: PHP-Nuke Vendor: Francisco Burzi Versions Vulnerable: Francisco Burzi PHP-Nuke 6.0 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6....

PHP-Nuke code injection in Yearly Stats at Statistics module

------- Product: PHP-Nuke Vendor: Francisco Burci Versions Vulnerable: 6.0 without patches , 6.0 with index.php and mainfile.php patches. 5.5 with patches all resting script tags No vulnerable: 6.0 with mainfile.php patch for block url tags inclusions not all . 5.5 with script tags but with the...

More and More SQL injection on PHP-Nuke 6.5.

/----------------------------------------------------------------------------- | 7 A 6 9 - A d v C: 011 |-----------------------------------------------------------------------------| | | PHP-Nuke SQL injection | -----------------------------------------------------------------------------/ |...

CVE-2003-0279

Multiple SQL injection vulnerabilities in the WebLinks module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using 1 the viewlink function and cid parameter, or 2 index.php...

CVE-2003-0279

CVE-2003-0279 describes multiple SQL injection vulnerabilities in the PHP-Nuke Web_Links module (versions 5.x through 6.5). The flaws allow remote attackers to access sensitive data by manipulating numeric fields, demonstrated via the viewlink function and cid parameter, or via index.php. The cor...

More and More SQL injection on PHP-Nuke 6.5.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 /----------------------------------------------------------------------------- | 7 A 6 9 - A d v C: 011 |-----------------------------------------------------------------------------| | | PHP-Nuke SQL injection |...

PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection

PHP-Nuke 6.5 Multiple Downloads Module - SQL Injection source: https://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of S...

PHP-Nuke 6.5 - modules.php?Username Cross-Site Scripting

PHP-Nuke 6.5 - modules.php?Username Cross-Site Scripting source: https://www.securityfocus.com/bid/7570/info A cross site scripting vulnerability has been reported for PHP-Nuke. Specifically, PHP-Nuke does not sufficiently sanitize user-supplied input for the 'username' URI parameter to the...

PHP-Nuke 6.06.5 Web_Links Module - Full Path Disclosure

PHP-Nuke 6.06.5 WebLinks Module - Full Path Disclosure source: https://www.securityfocus.com/bid/7589/info The WebLinks module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the...

Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)

/----------------------------------------------------------------------------- | 7 A 6 9 - A d v C: 010 |-----------------------------------------------------------------------------| | | PHP-Nuke SQL injection | -----------------------------------------------------------------------------/ |...

PHP-Nuke 6.0/6.5 Web_Links Module - Full Path Disclosure

source: https://www.securityfocus.com/bid/7589/info The WebLinks module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information gathered in this manner to mount further attacks...

PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection

source: https://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks...

PHP-Nuke 6.5 - 'modules.php?Username' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7570/info A cross site scripting vulnerability has been reported for PHP-Nuke. Specifically, PHP-Nuke does not sufficiently sanitize user-supplied input for the 'username' URI parameter to the modules.php script. This may allow for theft of cookie-based...

PHP-Nuke 5.x6.x Web_Links Module - SQL Injection

PHP-Nuke 5.x6.x WebLinks Module - SQL Injection source: https://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the WebLinks module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access ...

PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection

source: https://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the WebLinks module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitatio...

Multiple Vulnerabilities in Splatt Forum 4.0

=========================================================================== ==== FRAME4 SECURITY ADVISORY FSA-2003:001 --------------------------------------------------------------------------- ---- PRODUCT : Splatt Forum 4.0 for PHP-Nuke 6.0 PRODUCT/VENDOR URL : http://www.splatt.it/ TYPE :...

PHP-Nuke 6.5 FINAL Cross Site Scripting

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.phpnuke.org Tested Version : 6.5 FINAL Problem : Cross Site Scripting Exploit : °°°°°°°°° In the website or the email of the profil : - http://" onclick="SCRIPT onclick can be replaced by ondblclick, onhelp, onmouseout,...

PHP-Nuke 6.06.5 Forum Module - viewforum.php SQL Injection

PHP-Nuke 6.06.5 Forum Module - viewforum.php SQL Injection source: https://www.securityfocus.com/bid/7194/info It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a...