PHP-Nuke Nuke League Module - 'tid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31952/info PHP-Nuke Nuke League module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

PHP-Nuke管理权限泄露

PHP-Nuke Web Portal System存在一个权限确认错误，通过提交一个特殊的URL请求， 远程用户有可能获取管理员权限。 1.0/2.5 升级到PHP-Nuke 3.0: Francisco Burzi PHP-Nuke 2.5: Francisco Burzi upgrade Nuke-3.0.tar.gz http://www.ncc.org.ve/php-nuke.php3?op=download&location=http://download.sourceforge.net/phpnuke&file=PHP-Nuke-3.0.tar.gz Francisco...

PHP-Nuke Sarkilar Module - 'id' SQL Injection

source: https://www.securityfocus.com/bid/31830/info Sarkilar module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...

PHP-Nuke Sarkilar Module - id SQL Injection

PHP-Nuke Sarkilar Module - id SQL Injection source: https://www.securityfocus.com/bid/31830/info Sarkilar module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow ...

phpnukereview2-sql.txt

!/usr/bin/perl -w PHP-NUKE module Reviews2 id SQL injetion vulnerability Author : boom3rang Kosova Hackers Group www.khg-crew.ws Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er. ! ModuleName: Reviews2 ! ScriptName: PHP-NUKE ! GoogleDork: inurl:"modules.php?name=Reviews2" system"color FF0000";...

Cross-Site Scripting vulnerability in PHP-Nuke

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в системе PHP-Nuke. XSS: http://site/modules.php?name=News&file=print&sid=3Cscript20src=http://site/script.js20 Уязвима версия PHP-Nuke 7.0 и предыдущие версии. Дополнительная информация о данной уязвимости у меня н...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: crossite scripting...

CVE-2008-3573

The CAPTCHA implementation in 1 Pligg 9.9.5 and possibly 2 Francisco Burzi PHP-Nuke 8.1 provides a critical random number the tsrandom value within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value wit...

CVE-2008-3573

The CVE-2008-3573 vulnerability affects the CAPTCHA implementations in Pligg 9.9.5 and possibly PHP-Nuke 8.1. A critical ts_random value is embedded in the IMG SRC URL, allowing remote attackers to pass the CAPTCHA by calculating a value that combines ts_random with the current date and the HTTP ...

CVE-2008-3573

The CAPTCHA implementation in 1 Pligg 9.9.5 and possibly 2 Francisco Burzi PHP-Nuke 8.1 provides a critical random number the tsrandom value within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value wit...

CVE-2008-3513

SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php...

Sql injection

SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php...

Sql injection

SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php...

CVE-2008-3512

SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php...

CVE-2008-3513

SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php...

CVE-2008-3512

The CVE-2008-3512 entry concerns a SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke. The affected component is the module’s visit action in modules.php, where the lid parameter is unsafely used in SQL queries. This allows remote attackers to craft input that could alter or exf...

CVE-2008-3512

SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php...

CVE-2008-3513

The CVE-2008-3513 entry describes a SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke. The flaw is triggered via the catid parameter in a category action to modules.php, allowing remote attackers to execute arbitrary SQL commands. The vulnerability is rated HIGH with a CVSS ...

phpnukeklein-sql.txt

Rbt-4 crew http://www.rbt-4.net Author : Lovebug ---------------------------- Remote Sql injection Php-Nuke module name Kleinanzeigen modules.php?name=Kleinanzeigen&aop=visit&lid=sql Exploit username :...

PHP-Nuke Kleinanzeigen Module - lid SQL Injection

PHP-Nuke Kleinanzeigen Module - lid SQL Injection source: https://www.securityfocus.com/bid/30577/info The Kleinanzeigen module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this iss...