Php-Nuke - Local File Include Vulnerability

No description provided by source. ======================================================================================= Topic : Php-Nuke Bug type : Local File Include Vulnerability Author : ItSecTeam Remote : Yes Status : Bug ===================== Content ====================== Advisory Conten...

PHP-Nuke 6.0/6.5 Web_Links Module Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7589/info The WebLinks module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information gathered in th...

PHP-Nuke Error Manager Module 2.1 error.php Multiple Variables XSS

No description provided by source. source: http://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors. These issu...

PHP Nuke 8.2.4 CSRF Vulnerability

No description provided by source. Exploit Title:CSRF vulnerability Author: sajith version: PHP Nuke 8.2.4 vulnerable app link:http://phpnuke.org/modules.php?name=Release CSRF add group html lang=en head titleCSRF POC PHP nuke 8.2.4/title /head body form...

PHP-Nuke 6.x/7.x Modpath Parameter Potential File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10365/info PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing aribtrary code to be executed on a vulnerable system. This issue can b...

PHP-Nuke 5.x/6.0 Avatar HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6750/info A problem with PHP-Nuke could allow remote users to execute arbitrary code in the context of the web site. The problem is in the lack of sanitization of some types of input. PHP-Nuke does not sanitize code...

PHP-Nuke <= 8.0 Final (INSERT) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0day exploit for PHP-nuke =8.0 Final Sql injection attack in INSERT syntax version for every basePostgreSQL,mssql... except MySQL base Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke =8.0 Final Sql injection atta...

PHP-Nuke 6.x/7.x 'Reviews' Module Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9613/info It has been reported that the PHP-Nuke module 'Reviews' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could all...

PHP-Nuke 8.0 .3.3b SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/23528/info PHP-Nuke is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker t...

PHP-Nuke 7.8 Mainfile.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16831/info PHP-Nuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could all...

PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10595/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting, HTML injection, and SQL injecti...

PHP-Nuke <= 8.0 Final (sid) Remote SQL Injection Exploit

No description provided by source. ?php UNPUBLISHED RST/GHC EXPLOIT PHP Nuke sid sql injection exploit for Search module POST method - the best for version 8.0 FINAL coded by Foster & 1dt.w0lf tested on 6.0 , 6.6 , 7.9 , 8.0 FINAL versions if isset$POST'Submit'...

PHP-Nuke Module print 6.0 (print&sid) SQL Injection Vulnerability

No description provided by source...

PHP-Nuke 'friend.php' Module Remote SQL Injection

No description provided by source. Exploit Title: PHP-Nuke 'friend.php' Module Remote SQL Injection Date: 05.05.2010 Author: CMD Contact : [email protected] Version: all version =-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-= Code :...

PHP-Nuke <= 8.0 (Web_Links Module) Remote Blind SQL Injection Exploit

No description provided by source. PHP-Nuke = 8.0 WebLinks Module Remote Blind SQL Injection Exploit Author: yawn Contact Me: http://www.unitx.net E-Mail: [email protected] Requirements: magicquotesgpc : off Greetings: [email protected] | [email protected] | Dante90 He had but little gold within...

PHP-Nuke 8.2.4 - Multiple Vulnerabilities

No description provided by source. SOJOBO-ADV-13-04 - PHP-Nuke 8.2.4 multiple vulnerabilities I. Information ================== Name : PHP-Nuke 8.2.4 multiple vulnerabilities Software : PHP-Nuke 8.2.4 and possibly below. Vendor Homepage : http://www.phpnuke.org/ Vulnerability Type : File Inclusio...

PHP-Nuke 7.4 - Remote Privilege Escalation

No description provided by source. A demonstration exploit HTTP form is provided: form name=mantra method=POST action=http://www.sitewithphpnuke.com/admin.php pUSERNAME: input type=text name=addaid br NOME: input type=text name=addname br PASSWORD: input type=text name=addpwd br E-MAIL: input...

PHP-Nuke Johannes Hass 'gaestebuch 2.2 Module - 'id' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28063/info The 'gaestebuch' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke 6.x/7.x Public Message SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to the module. As...

PHP-Nuke Book Catalog Module 1.0 'catid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30511/info The Book Catalog module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...