PHP-Nuke 6.5 Addon - Viewpage.php File Disclosure

PHP-Nuke 6.5 Addon - Viewpage.php File Disclosure source: https://www.securityfocus.com/bid/7191/info PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon. It has been reported that PHP-Nuke may disclose arbitrary web server readable files under...

PHP-Nuke 6.06.5 Forum Module - viewtopic.php SQL Injection

PHP-Nuke 6.06.5 Forum Module - viewtopic.php SQL Injection source: https://www.securityfocus.com/bid/7193/info It has been reported that an input validation error exists in the 'viewtopic.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a...

PHP-Nuke 6.0/6.5 Forum Module - 'viewforum.php' SQL Injection

source: https://www.securityfocus.com/bid/7194/info It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker ...

PHP-Nuke 6.0/6.5 Forum Module - 'viewtopic.php' SQL Injection

source: https://www.securityfocus.com/bid/7193/info It has been reported that an input validation error exists in the 'viewtopic.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker ...

PHP-Nuke 6.5 Addon - 'Viewpage.php' File Disclosure

source: https://www.securityfocus.com/bid/7191/info PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon. It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain circumstances. It should be noted that this...

Nukestyles.com viewpage.php Addon for PHP-Nuke File Parameter Traversal Arbitrary File Access

viewpage.php part of Nukestyles.com addon for PHP-Nuke does not filter user-supplied input. As a result, an attacker may use it to read arbitrary files on the remote host by supplying a bogus value to the 'file' parameter of this CGI. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

PHP-Nuke 5.66.x News Module - index.php SQL Injection

PHP-Nuke 5.66.x News Module - index.php SQL Injection source: https://www.securityfocus.com/bid/7173/info It has been reported that an input validation error exists in the index.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string...

PHP-Nuke 5.66.x News Module - article.php SQL Injection

PHP-Nuke 5.66.x News Module - article.php SQL Injection source: https://www.securityfocus.com/bid/7172/info It has been reported that an input validation error exists in the article.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious stri...

PHP-Nuke 5.66.x - banners.php Banner Manager Password Disclosure

PHP-Nuke 5.66.x - banners.php Banner Manager Password Disclosure source: https://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke...

PHP-Nuke 5.6/6.x News Module - 'article.php' SQL Injection

source: https://www.securityfocus.com/bid/7172/info It has been reported that an input validation error exists in the article.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to...

PHP-Nuke 5.6/6.x - 'banners.php' Banner Manager Password Disclosure

source: https://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and...

PHP-Nuke 5.5 and 6.0: Path Disclosure

Product - PHP-Nuke + Version - 5.5, 6.0 other versions not tested jet + Website - http://www.phpnuke.org + Problems - Path Disclosure + Explanation: The fault happens in the file print.php, which this including in the modulos 'News' and 'AvantGo', in the same one is checked that the variable $sid...

PHP-Nuke 5.56.0 News Module - Full Path Disclosure

PHP-Nuke 5.56.0 News Module - Full Path Disclosure source: https://www.securityfocus.com/bid/7079/info The News module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information...

PHP-Nuke Splatt Forum 3.2 Module - Full Path Disclosure

PHP-Nuke Splatt Forum 3.2 Module - Full Path Disclosure source: https://www.securityfocus.com/bid/7080/info The Splatt Forum module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker could use the...

[UNIX] Sourceforge Jacobuddy Cross Site Scripting (XSS) and Upload Exploit

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion In the US? Contact Beyond Security at our new California office housewarming rates on automated network vulnerability scanning. We also...

phpnuke60.2.txt

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.phpnuke.org Version : 6.0 & 6.5 RC2 Modules : Forums, PrivateMessages Problem : SQL Injection PHP Code/Location : °°°°°°°°°°°°°°°°°°° /modules/Forums/viewtopic.php :...

PHP-Nuke 6.0 & 6.5RC2 SQL Injection Again

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.phpnuke.org Version : 6.0 & 6.5 RC2 Modules : Forums, PrivateMessages Problem : SQL Injection PHP Code/Location : °°°°°°°°°°°°°°°°°°° /modules/Forums/viewtopic.php :...

PHP-Nuke 6.0 (& 6.5?) : Serious SQL Injection Security Holes

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.phpnuke.org Versions : 6.0 & 6.5? Modules : MembersList, YourAccount Problem : SQL Injection PHP Configuration : This will work if magicquotesgpc=OFF. PHP Code/Location : °°°°°°°°°°°°°°°°°°° /modules/MembersList/index.php :...

PHP-Nuke Detection

The remote host is running a copy of PHP-Nuke. Given the insecurity history of this package, the Nessus team recommends that you do not use it but use something else instead, as security was clearly not in the mind of the persons who wrote it. The author of PHP-Nuke Francisco Burzi even started t...

PHP-Nuke 5.x6.0 - Avatar HTML Injection

PHP-Nuke 5.x6.0 - Avatar HTML Injection source: https://www.securityfocus.com/bid/6750/info A problem with PHP-Nuke could allow remote users to execute arbitrary code in the context of the web site. The problem is in the lack of sanitization of some types of input. PHP-Nuke does not sanitize code...