PHP-Nuke 'Seminars' Module - 'fileName' Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28089/info The PHP-Nuke 'Seminars' module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files...

PHP-Nuke Nuke League Module 'tid' Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31952/info PHP-Nuke Nuke League module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script...

PHP-Nuke <= 8.1.0.3.5b Remote Command Execution Exploit

No description provided by source. PHP-Nuke = 8.1.0.3.5b Remote Command Execution Exploit Author/s: Dante90 & yawn Contact Us: www.unitx.net Requirements: magicquotesgpc : off Greetings: [email protected] | [email protected] You will remember, Watson, how the dreadful business of the Abernetty...

PHP-Nuke 4ndvddb 0.91 Module 'id' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30120/info The '4ndvddb' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke 6.x Multiple Module SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9544/info Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke administrative...

PHP-Nuke < 8.0 (sid) Remote SQL Injection Exploit

No description provided by source. ?php errorreporting EERROR; inisetmaxexecutiontime,0; echo ' +=========================================+ | RST/GHC unpublished PHP Nuke exploit 8 | +=========================================+ + version 8.0 + Tested on 7.9 & 6.0 '; if $argc 2 print Usage: . $argv...

PHP-Nuke 6.x/7.x CookieDecode Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10128/info Reportedly PHP-NuKe is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the 'cookiedecode' function to properly sanitize user supplied cookie parameters. These issues coul...

PHP Nuke 1.0/2.5/3.0/4.x Remote Ad Banner URL Change Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2544/info PHP-Nuke is a website creation/maintainence tool written in PHP3. A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user. A querystring can be submitted to an unpatched...

PHP-Nuke 6.x/7.x Encyclopedia Module Multiple Function XSS

No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...

Top Music Module 3.0 - SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/15581/info Top Music Module for PHP-Nuke is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...

PHP-Nuke 6.6 admin.php SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8798/info It has been reported that PHP-Nuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue is said to occur within the admin.php...

PHP-Nuke 4nAlbum Module 0.92 - 'pid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28162/info The 4nAlbum module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke 8.0 'main/tracking/userLog.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35117/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

PHP-Nuke 8.0 Downloads Module 'query' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35180/info PHP-Nuke is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

PHP-Nuke 6.x/7.x Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10135/info Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input. As a result of these issues an attacker cou...

PHP-Nuke 6.5 Modules.PHP Username URI Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7570/info A cross site scripting vulnerability has been reported for PHP-Nuke. Specifically, PHP-Nuke does not sufficiently sanitize user-supplied input for the 'username' URI parameter to the modules.php script. This may...

PHP-Nuke 6.x/7.0/7.1 Image Tag Admin Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained...

PHP-Nuke 7.6 Surveys Module HTTP Response Splitting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13201/info PHP-Nuke is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to...

PHP-Nuke <= 8.0 Final (INSERT) Blind SQL Injection Exploit (mysql)

No description provided by source. !/usr/bin/perl 0day exploit for PHP-nuke =8.0 Final Blind sql injection attack in INSERT syntax version for mysql = 4.0.24, using 'brute force' Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke =8.0 Final Sql injection attack in...

PHP-Nuke 6.x/7.x Reviews Module order Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...