PHP-Nuke Module htmltonuke 2.0alpha (htmltonuke.php) RFI Vuln

No description provided by source. htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork : "/nuke/htmltonuke.php" - "htmltonuke.php" Found by &...

htmltonuke-rfi.txt

htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork : "/nuke/htmltonuke.php" - "htmltonuke.php" Found by & Contact : Cold z3ro ,...

PHP-Nuke IFrame Module IFrame.PHP远程文件包含漏洞

PHP-Nuke IFrame Module是一款基于PHP的WEB应用程序。 PHP-Nuke IFrame Module不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'IFrame.PHP'脚本对用户提交的'file'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 PHP-Nuke iFrame Module 目前没有解决方案提供： http://phpnuke.org/modules.php?name=Downloads&dop=viewdownload&cid=3...

Cross site scripting

Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...

Cross site request forgery (csrf)

The cross-site request forgery CSRF protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTPREFERER, which allows remote attackers to conduct CSRF attacks...

CVE-2007-1520

The cross-site request forgery CSRF protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTPREFERER, which allows remote attackers to conduct CSRF attacks...

CVE-2007-1519

Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...

CVE-2007-1520

The CVE-2007-1520 issue affects PHP-Nuke 8.0 and earlier, where CSRF protection fails to verify that the SERVER superglobal is an array before validating HTTP_REFERER. This logic flaw enables CSRF attacks against vulnerable PHP-Nuke installations. The vulnerability is described in multiple source...

CVE-2007-1519

PHP-Nuke (versions 8.0 and earlier) is affected by a cross-site scripting (XSS) issue in modules.php, exploitable via the query parameter in the Downloads module search. This is a remote XSS vulnerability in PHP-Nuke INP/Downloads search path; the exact root cause is a failure to sanitize input i...

CVE-2007-1520

The cross-site request forgery CSRF protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTPREFERER, which allows remote attackers to conduct CSRF attacks...

PHP-Nuke Module htmltonuke 2.0alpha - 'htmltonuke.php' Remote File Inclusion

htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork : "/nuke/htmltonuke.php" - "htmltonuke.php" Found by & Contact : Cold z3ro ,...

PT-2007-2909 · Php Nuke · Php-Nuke

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 8.0 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module. Recommendations: For PHP-Nuk...

PHP-Nuke Module htmltonuke 2.0alpha (htmltonuke.php) RFI Vuln

Exploit for unknown platform in category web applications ============================================================= PHP-Nuke Module htmltonuke 2.0alpha htmltonuke.php RFI Vuln ============================================================= htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.p...

PHP-Nuke Module htmltonuke 2.0alpha - htmltonuke.php Remote File Inclusion

PHP-Nuke Module htmltonuke 2.0alpha - htmltonuke.php Remote File Inclusion htmltonuke 2.0alpha for postnuke & PHP-Nukehtmltonuke.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=ddAvVTUSs file : /htmltonuke.php Dork :...

PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion

!/usr/bin/perl Modulo Splatt Forum v4.0 RC1bbcoderef.php nameLocal File Include Exploit D.Script: http://sourceforge.net/projects/splattforum/ V.Code $modulename = $name; -------- Line : 17 include"modules/".$modulename."/functions.php"; -------- Line : 19 Dork: "Splatt Forum©" Discovered & Coded...

PHP-Nuke Module splattforum 4.0 RC1 Local File Inclusion Exploit

Exploit for unknown platform in category web applications ================================================================ PHP-Nuke Module splattforum 4.0 RC1 Local File Inclusion Exploit ================================================================ !/usr/bin/perl Modulo Splatt Forum v4.0...

PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion

PHP-Nuke Module splattforum 4.0 RC1 - Local File Inclusion !/usr/bin/perl Modulo Splatt Forum v4.0 RC1bbcoderef.php nameLocal File Include Exploit D.Script: http://sourceforge.net/projects/splattforum/ V.Code $modulename = $name; -------- Line : 17 include"modules/".$modulename."/functions.php";...

PHP-Nuke - iframe.php Remote File Inclusion

PHP-Nuke - iframe.php Remote File Inclusion iFRAME for PhpNuke iframe.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=uTRRQnIjG file : iframe.php Dork : "/nuke/iframe.php" Found by & Contact : Cold z3ro , [email protected] ,...

PHP-Nuke - 'iframe.php' Remote File Inclusion

iFRAME for PhpNuke iframe.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=uTRRQnIjG file : iframe.php Dork : "/nuke/iframe.php" Found by & Contact : Cold z3ro , [email protected] , http://hack-teach.com/ ifsubstr$file,-4!=".htm" ...

CVE-2007-1449

Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the lang parameter...