1732 matches found
PHP-Nuke 5.x/6.0 - Avatar HTML Injection
source: https://www.securityfocus.com/bid/6750/info A problem with PHP-Nuke could allow remote users to execute arbitrary code in the context of the web site. The problem is in the lack of sanitization of some types of input. PHP-Nuke does not sanitize code submitted to a site from the avatar...
php-nuke again ...
-----BEGIN PGP SIGNED MESSAGE----- I. BACKGROUND PHP-Nuke is a popular Web portal system. Project homepage : http://www.phpnuke.org II. DESCRIPTION Remote attacker could transfer to server his own file or copy arbitrary file from system to accessible directory. The result of such acts could be...
CVE-2002-1995
Cross-site scripting XSS vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter...
CVE-2002-2032
sqllayer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sqldebug parameter to 1 index.php and 2 modules.php...
CVE-2002-1803
Cross-site scripting XSS vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...
PT-2002-2753 · Php · Php-Nuke
Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 5.4 and earlier Description: The issue allows remote attackers to gain SQL query information by exploiting debugging features that are not properly restricted. This can be achieved by setting the sql debug parameter in...
PHP-Nuke 6.0 - modules.php Denial of Service
PHP-Nuke 6.0 - modules.php Denial of Service source: https://www.securityfocus.com/bid/6465/info A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate some URI parameters...
PHP-Nuke 6.0 - 'modules.php' Denial of Service
source: https://www.securityfocus.com/bid/6465/info A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate some URI parameters. An attacker can exploit this vulnerability b...
PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting
Informations : °°°°°°°°°°°°°° Product : PHP-Nuke Version : 6.0 Website : http://www.phpnuke.org Problems : - Path Disclosure - XSS Developpement : °°°°°°°°°°°°°°° The majority of the PHPNuke's files are includes in modules.php or index.php. To prevent the direct access, PHPNuke made two kinds of...
PHP-Nuke code execution and XSS vulnerabilities
PHP-Nuke code execution and XSS vulnerabilities PROGRAM: PHP-Nuke VENDOR: Fransisco Burzi et al. HOMEPAGE: http://phpnuke.org/ VULNERABLE VERSIONS: 6.0 the only supported version IMMUNE VERSIONS: 6.0 with my patch applied LOGIN REQUIRED: no DESCRIPTION: "PHP-Nuke is a Web portal and online...
PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/6409/info It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for...
PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution
PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution source: https://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has...
PHP-Nuke 6.0 - Web Mail Script Injection
PHP-Nuke 6.0 - Web Mail Script Injection source: https://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an...
PHP-Nuke 6.0 - Multiple Full Path Disclosure Vulnerabilities
PHP-Nuke 6.0 - Multiple Full Path Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/6406/info Multiple path disclosure vulnerabilities have been discovered in PHP-Nuke. This issue occurs when requesting a PHP script that shouldn't be accessed directly. Exploiting this issue wil...
PHP-Nuke 6.0 - Web Mail Script Injection
source: https://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an email containing attacker-supplied scrip...
PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution
source: https://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has been reported that the vulnerable module fails to...
PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/6409/info It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in PHP script requests. By constructi...
PHP-Nuke 6.0 - Multiple Full Path Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/6406/info Multiple path disclosure vulnerabilities have been discovered in PHP-Nuke. This issue occurs when requesting a PHP script that shouldn't be accessed directly. Exploiting this issue will cause the target server to disclose sensitive information...
PHP-Nuke 5.x6.06.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 5.x6.06.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/6244/info everal cross site scripting vulnerabilities have been reported for PHP-Nuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious lin...
PHP-Nuke 5.x/6.0/6.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/6244/info everal cross site scripting vulnerabilities have been reported for PHP-Nuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client ...