CVE-2002-0206

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter...

CVE-2002-0206

The CVE-2002-0206 issue affects PHP-Nuke: index.php may include a URL to remote code via the file parameter, enabling remote arbitrary PHP code execution on servers running PHP-Nuke 5.3.1 and earlier (and possibly versions before 5.5). Root cause is PHP’s include() reading a URL without validatin...

More Cross site Scripting in PHPNuke

Cross site scripting is a serious problem, even if some people doesn't believe it, On this second round i'll show 8 new XSS vulnerabilities in PHP Nuke most of them are also path disclosure vulns:...

PHP-Nuke 5.x - Error Message Web Root Disclosure

PHP-Nuke 5.x - Error Message Web Root Disclosure source: https://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a...

PHP-Nuke 5.x - Error Message Web Root Disclosure

source: https://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause t...

phpnukeEKO.txt

// PHP Nuke 5.X ? Path disclosure vuln through modules.php by Patryk K. echo7 // // [email protected] http://nyshock.hypermart.net // // efnet dna // PHP Nuke can expose full Path beginning with root dir Which can be used to plan further attack against a Vulnerable website, Disposing Information...

php-nuke.5.5.css.txt

PHP-Nuke is a PHP based portal management system used at thousands of sites. A Cross Site Scripting vulnerability has been discovered in the PHP-Nuke version 5.5 and prior versions. There is a function called Private Messages in PHP-Nuke by which the registered users of the site can send messages...

CVE-2001-0001

cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie...

CVE-2001-0321

opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter...

CVE-2001-0001

PHP-Nuke 4.4 is affected by an authentication bypass via the cookiedecode flow. A crafted cookie (base64-encoded string split by colon) is decoded to populate $cookie[0] and other variables, allowing an attacker to manipulate the SQL in updates to impersonate other users and view or modify their ...

CVE-2001-0321

CVE-2001-0321 corresponds to a traversal/Arbitrary File Read in the PHP-Nuke CGI opendir.php. The affected component is the opendir.php script used by PHP-Nuke; the root cause is a filename parameter in the requesturl argument that allows remote attackers to read arbitrary files on the server. Th...

PHP-Nuke 5.5 , Phortail 1.2.1 , Avotravis 2.1

PHP-Nuke 5.5 - Cross Site Scripting - Bad use of cookies. More details : In french : http://www.ifrance.com/kitetoua/tuto/PHPNuke55.txt Translated by Google : http://translate.google.com/translate?u=http3A 2F2Fwww.ifrance.com2Fkitetoua2Ftuto 2FPHPNuke55.txt&langpair=fr7Cen&hl=en&prev=...

PHP-Nuke sql_debug Information Disclosure

In PHP-Nuke, the sqllayer.php script contains a debugging feature that may be used by attackers to disclose sensitive information about all SQL queries. Access to the debugging feature is not restricted to administrators. %NASLMINLEVEL 70300 This script was written by Georges Dagousset Script aud...

CVE-2001-0911

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it...

CVE-2001-1025

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable e.g., by including mainfile.php, such as article.php...

CVE-2001-1025

CVE-2001-1025 concerns PHP-Nuke 5.x. The vulnerability allows remote attackers to perform arbitrary SQL operations by modifying the prefix variable in scripts that do not define it (for example, by including mainfile.php), such as article.php. The mechanism is an injection flaw arising from unsaf...

CVE-2001-0911

CVE-2001-0911 affects PHP-Nuke 5.1, where user and administrator passwords are stored in a base-64 encoded cookie. This could allow remote attackers to gain privileges by stealing/sniffing the cookie and decoding it. The connected sources corroborate the cookie-based credential exposure, but no p...

PHP-Nuke allows Command Execution & Much more

Hi All! I've found a serious security flaw in PHP-Nuke. It allows user to execute any PHP code. The flaw is in the index.php's include file feature. It allows including files like index.php?file=file It prevents users including ..'s in URL's, but it didn't prevent users from entering http://-urls...

Выполнение команд через PHP-Nuke (code execution)

Можно заставить PHP-Nuke использовать внешний php файл...

PHP-Nuke 4.x5.x - Arbitrary File Inclusion

PHP-Nuke 4.x5.x - Arbitrary File Inclusion source: https://www.securityfocus.com/bid/3889/info PHPNuke is a website creation/maintenance tool. The 'index.php' script has a feature which allows users to include files. Due to insufficent input validation, it is possible to include files located on ...