PHP-Nuke 7.6 Banners.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13026/info PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

PostNuke 0.72x Stats Module Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7218/info Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provi...

PHP-Nuke Sections Module - 'artid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27879/info The PHP-Nuke Sections module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacke...

PHP-Nuke KutubiSitte Module - 'kid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28126/info The KutubiSitte module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

NukeCalendar 1.1 .a block-Calendar1.php Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...

PHP-Nuke 6.0 - Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/6409/info It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in...

PHP-Nuke 0-7 Delete God Admin Access Control Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10861/info PHP-Nuke is reported prone to an access control bypass vulnerability. Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke God Admin account...

PHP-Nuke 6.x/7.x FAQ Module categories Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...

PHP-Nuke 2.0 AutoHTML Module Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19525/info PHP-Nuke AutoHTML Module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow an attacker to execute arbitrary local scripts...

PHP-Nuke <= 8.1.0.3.5b (Your_Account Module) Remote Blind SQL Injection (Benchmark Mode)

No description provided by source. PHP-Nuke = 8.1.0.3.5b YourAccount Module Remote Blind SQL Injection Benchmark Mode Author: yawn Contact Me: http://www.unitx.net Requirements: magicquotesgpc : off Greetings: [email protected] | [email protected] | Dante90 You will remember, Watson, how the...

PHP-Nuke zClassifieds Module - 'cat' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28211/info The zClassifieds module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-Nuke Gallery 1.3 Module - 'artid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27957/info The Gallery module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

PHP-NUKE version <= 6.9 - 'cid' SQL Injection Remote Exploit

No description provided by source. !/usr/bin/perl -w use IO::Socket; THIS CODE PUBLIC NOW = \ \ / | \ | / | / / \ | | \ | /\ \ / || /// | / / / / based on 'cid' sql injection vuln in Download module, more info about this vuln u can see here: http://rst.void.ru/texts/advisory10.htm work only...

PHP-Nuke 6.0 Web Mail Remote PHP Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has been reported that...

PHP Nuke 5.0 'user.php' Form Element Substitution Vulnerabilty

No description provided by source. source: http://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may subtitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the webpage locallyas...

PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or oth...

PHP-Nuke 6.x/7.x Score Subsystem score Variable DoS

No description provided by source. source: http://www.securityfocus.com/bid/10524/info PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple...

PHP-Nuke 7.1 Recommend_Us Module fname Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/9879/info It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname'...

PHP-Nuke 6.0 Web Mail Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an email...

PHP-Nuke 8.0 autohtml.php Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26807/info Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and execute local...