CVE-2010-5083

SQL injection vulnerability in the WebLinks module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php...

CVE-2010-5083

CVE-2010-5083 : A SQL injection vulnerability exists in the Web_Links module of PHP-Nuke 8.0, allowing remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php. The issue is caused by unsanitized input in that parameter, with potential partial confi...

PHP-Nuke 8.1.0.3.5b Downloads Remote Blind SQL Injection

!/usr/bin/perl 0-Day PHP-Nuke newPOST = $HostName.'modules.php?name=Downloads&dop=Add'; my $Cookies = new HTTP::Cookies; my $UserAgent = new LWP::UserAgent agent = 'Mozilla/5.0', maxredirect = 0, cookiejar = $Cookies, defaultheaders = HTTP::Headers-new, or die $!; my $WaRWolFz =...

PHP-Nuke 8.1.0.3.5b - Downloads Blind SQL Injection

PHP-Nuke 8.1.0.3.5b - Downloads Blind SQL Injection !/usr/bin/perl 0-Day PHP-Nuke newPOST = $HostName.'modules.php?name=Downloads&dop=Add'; my $Cookies = new HTTP::Cookies; my $UserAgent = new LWP::UserAgent agent = 'Mozilla/5.0', maxredirect = 0, cookiejar = $Cookies, defaultheaders =...

PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0-Day PHP-Nuke = 8.1.0.3.5b Downloads Remote Blind SQL Injection Exploit Date: 2010.07.04 after 50 days the bug was discovered. Author/s: Dante90, WaRWolFz Crew Crew Members: 4lasthor, Andryxxx, Cod3, Gho5t, HeRtZ, N.o.3.X, RingZero, s3rg3770,...

PHP-Nuke 8.1.0.3.5b - 'Downloads' Blind SQL Injection

!/usr/bin/perl 0-Day PHP-Nuke newPOST = $HostName.'modules.php?name=Downloads&dop=Add'; my $Cookies = new HTTP::Cookies; my $UserAgent = new LWP::UserAgent agent = 'Mozilla/5.0', maxredirect = 0, cookiejar = $Cookies, defaultheaders = HTTP::Headers-new, or die $!; my $WaRWolFz =...

PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection

Exploit for php platform in category web applications !/usr/bin/perl 0-Day PHP-Nuke newPOST = $HostName.'modules.php?name=Downloads&dop=Add'; my $Cookies = new HTTP::Cookies; my $UserAgent = new LWP::UserAgent agent = 'Mozilla/5.0', maxredirect = 0, cookiejar = $Cookies, defaultheaders =...

CVE-2011-3784

Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files...

Information disclosure

Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files...

CVE-2011-3784

Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files...

CVE-2011-3784

CVE-2011-3784 affects PHP-Nuke 8.0 and enables information disclosure by requesting a .php file, which then reveals the installation path in an error message (e.g., themes/Odyssey/theme.php). The root cause is error handling that leaks filesystem paths to remote attackers. Documented impact is se...

PHP-Nuke article.php SQL Injection

Coded By : darkTR - CodeHunters http://www.1337day.com/exploits/16550 Demo : http://www.moravanszky.com/article.php?sid=24 Site adresini açýklý kýsým olarak girin www.site.com/article.php?sid=24 þeklinde import re, time, urllib2 hedef = rawinput"Site adiniz giriniz:" sorgu =...

PHP-Nuke 'sid' Parameter SQL Injection Vulnerability

PHP-Nuke is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpnuke:php-nuke";...

PHP-Nuke (article.php) Sql Injection Vulnerability

Exploit for php platform in category web applications Exploit Title:PHP-Nukearticle.php Sql Injection Vulnerability Date: 21/7/2011 Author: Angel Injection home Page: http://www.club-h.co.cc Email: Angel-InjectionathotmailDotcom Vendor or Software Link:http://phpnuke.org/ Version: N/A Category::...

PHP-NUKE Remote read config Vulnerability

Exploit for php platform in category web applications Exploit Title:PHP-NUKE remote read config Vulnerability Date: 6/6/2011 Author: Angel Injection home Page: http://www.club-h.co.cc Email: Angel-Injectionathotmail.com Vendor or Software Link:http://phpnuke.org Version: n/a Category:: webapps...

PHP-Nuke Multiple Vulnerabilities

PHP-Nuke is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpnuke:php-nuke"; ifdescription...

XSS и AoF уязвимости в Drupal

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и Abuse of Functionality уязвимостях в Drupal. XSS WASC-08: При добавлении или изменении данных в любых внутренних формах добавление/изменение поста и т.д. можно провести persistent XSS атаку. XSS код выполнится при посещении...

CVE-2011-1481

Multiple cross-site scripting XSS vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 sendername or 2 senderemail parameter in a Feedback action to modules.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 sendername or 2 senderemail parameter in a Feedback action to modules.php...

Sql injection

SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chnguid parameter...