CVE-2008-1539

CVE-2008-1539 : Vulnerability in PHP-Nuke Platinum 7.6.b.5 where SQL injection occurs in includes/dynamic_titles.php. An attacker can send crafted requests to the Forums module (via the p parameter to modules.php) to execute arbitrary SQL commands remotely. The CVE is documented with a high impac...

phpnukeplat-sql.txt

!/usr/bin/perl Inphex use LWP::UserAgent; use LWP::Simple; use IO::Socket; use Switch; PHP-Nuke Platinum , ForumsStandart - magicquotesgpc = OFF , SQL Injection nukeusers Structure: userid name username useremail femail userwebsite useravatar userregdate usericq userocc userfrom userinterests...

PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit

No description provided by source. !/usr/bin/perl Inphex use LWP::UserAgent; use LWP::Simple; use IO::Socket; use Switch; PHP-Nuke Platinum , ForumsStandart - magicquotesgpc = OFF , SQL Injection nukeusers Structure: userid name username useremail femail userwebsite useravatar userregdate usericq...

PHP-Nuke Platinum 7.6.b.5 - dynamic_titles.php SQL Injection

PHP-Nuke Platinum 7.6.b.5 - dynamictitles.php SQL Injection !/usr/bin/perl Inphex use LWP::UserAgent; use LWP::Simple; use IO::Socket; use Switch; PHP-Nuke Platinum , ForumsStandart - magicquotesgpc = OFF , SQL Injection nukeusers Structure: userid name username useremail femail userwebsite...

PHP-Nuke Platinum 7.6.b.5 (dynamic_titles.php) SQL Injection Exploit

Exploit for unknown platform in category web applications ==================================================================== PHP-Nuke Platinum 7.6.b.5 dynamictitles.php SQL Injection Exploit ==================================================================== !/usr/bin/perl Inphex use...

PHP-Nuke Platinum 7.6.b.5 - 'dynamic_titles.php' SQL Injection

!/usr/bin/perl Inphex use LWP::UserAgent; use LWP::Simple; use IO::Socket; use Switch; PHP-Nuke Platinum , ForumsStandart - magicquotesgpc = OFF , SQL Injection nukeusers Structure: userid name username useremail femail userwebsite useravatar userregdate usericq userocc userfrom userinterests...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in the eWebsite eWeather Weather module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php...

CVE-2008-1348

Cross-site scripting XSS vulnerability in index.php in the eWebsite eWeather Weather module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php...

CVE-2008-1348

The CVE-2008-1348 entry describes a Cross-site Scripting (XSS) vulnerability in the eWeather (Weather) module’s index.php for PHP-Nuke, exploitable by supplying arbitrary web script or HTML through the chart parameter in modules.php. The affected component is the eWebsite eWeather module within P...

CVE-2008-1348

Cross-site scripting XSS vulnerability in index.php in the eWebsite eWeather Weather module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php...

CVE-2008-1315

SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php...

Sql injection

SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php...

CVE-2008-1315

The CVE-2008-1315 entry concerns the PHP-Nuke ZClassifieds module. The vulnerability is a SQL injection in the ZClassifieds module via the cat parameter to modules.php, enabling remote attackers to execute arbitrary SQL commands. Concrete affected component: PHP-Nuke ZClassifieds; underlying issu...

CVE-2008-1315

SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php...

phpnukezclass-sql.txt

----- RBT-4 crew Lovebug Italy -------- Author : Lovebug Script : PHP-Nuke Module ZClassifieds cat SQL Injection Bug : modules.php?name=ZClassifieds&cat= S Q L Exploit : -9999999//union//select//pwd,aid//from//nukeauthors/where%20admin1/ Original Advisory:...

nukec30-sql.txt

------------------------------------------------------------- ----- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------- ------------------------------------------------------------- = Author : HouSSaMix from H-T Team = Script : PHP-Nuke Module NukeC30 Module's Name: NukeC30 Module's Version: 3.0 ...

XSS in PHP-Nuke (eWeather module)

//////////XSS in PHP-Nuke eWeather module PHP-Nuke http://phpnuke.org: PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet. The Administrator has total control of his web site, registered users, and he will have in the hand a powerful assembly of tools to...

PHP-Nuke Module ZClassifieds [cat] SQL Injection

----- RBT-4 crew Lovebug Italy -------- Author : Lovebug Script : PHP-Nuke Module ZClassifieds cat SQL Injection Bug : modules.php?name=ZClassifieds&cat= S Q L Exploit : -9999999//union//select//pwd,aid//from//nukeauthors/where20admin1/ Original Advisory:...

Sql injection

SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php...

CVE-2008-1308

SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the idcatg parameter in a ViewCatg action to modules.php...