PHP-Nuke News Submission Story Text Field XSS

No description provided by source. source: http://www.securityfocus.com/bid/16192/info The PHPNuke Pool and News Modules are prone to an HTML injection vulnerability. This issue is due to a failure in the application modules to properly sanitize user-supplied input before using it in dynamically...

PHP-Nuke Yellow_Pages Module - 'cid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28109/info The YellowPages module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke <= 8.0 - Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0-Day PHP-Nuke = 8.0 News Remote SQL Injection Exploit Created: 2010.04.23 after 3 days the bug was discovered. Author/s: Dante90 & The:Paradox, WaRWolFz Crew Crew Members: 4lasthor, Andryxxx, Cod3, Gho5t, HeRtZ, N.o.3.X, RingZero, s3rg3770, Shade...

PHP-Nuke 5.x/6.0/6.5 BETA 1 Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/6244/info everal cross site scripting vulnerabilities have been reported for PHP-Nuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script cod...

PHP-Nuke Advertising Module 0.9 Modules.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26406/info The PHP-Nuke Advertising Module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allo...

php-nuke platinum 7.6.b.5 - Remote File Inclusion Vulnerability

No description provided by source. ---------------------------------------------- GrEeTs To -=sHaDoW sEcUrItY TeAm=- GrEaTs To ---------------------------------------------- A2J, Chucks, The Pitbull, ICQBomber, str0ke ---------------------------------------------- BiG sHoUt OuT tO udplink.net &...

PHP-Nuke 7.x Block-Old_Articles.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22037/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

PHP-Nuke-8.1-seo-Arabic Remote File Include

No description provided by source...

PHP-Nuke Kleinanzeigen Module 'lid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30577/info The Kleinanzeigen module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow a...

NukeCalendar 1.1 .a eid Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...

PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or oth...

PHP-Nuke 6.0 - Multiple Path Disclosure Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/6406/info Multiple path disclosure vulnerabilities have been discovered in PHP-Nuke. This issue occurs when requesting a PHP script that shouldn't be accessed directly. Exploiting this issue will cause the target server t...

PHP-Nuke 6.x/7.x Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12561/info It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could...

PHP-Nuke Module Addressbook 1.2 - Local File Inclusion Exploit

No description provided by source. !Perl PHP-Nuke Module Addressbook 1.2 Local File Inclusion Exploit Vendor: http://www.sb-websoft.com/index.php?name=CmodsDownload&file=index&req=getit&lid=14 Vulnerable Code: requireoncemodules/$modulename/include/func.inc.php; Coded by bd0rk || SOH-Crew Greetz:...

PHP-Nuke Hadith Module - 'cat' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28171/info The Hadith module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke 1.0/2.5 Administrative Privileges Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1592/info PHP-Nuke is a website creation/maintainence tool written in PHP3. It is possible to elevate priviliges in this system from normal user to administrator due to a flaw in authentication code. The problem occurs...

NukeCalendar 1.1 .a block-Calendar_center.php Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...

PHP-Nuke <= 8.0 Final (HTTP Referers) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0day exploit for PHP-nuke =8.0 Final Sql injection attack in INSERT syntax version, when 'HTTP Referers' block is on Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke =8.0 Final Sql injection attack in INSERT synta...

PHP-Nuke NukeC30 3.0 Module - 'id_catg' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28197/info The NukeC30 module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke Downloads Module - 'sid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27932/info The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...