CVE-2007-1450

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter...

Sql injection

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter...

Directory traversal

Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the lang parameter...

CVE-2007-1450

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter...

CVE-2007-1449

Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the lang parameter...

CVE-2007-1449

CVE-2007-1449 affects PHP-Nuke 8.0 and earlier. A directory-traversal flaw in mainfile.php allows remote attackers to read arbitrary files by supplying ".." in the lang parameter, enabling partial confidentiality impact. Root cause: insufficient input validation in the lang parameter. The connect...

CVE-2007-1450

The CVE-2007-1450 issue affects PHP-Nuke 8.0 and earlier, where an SQL injection flaw in mainfile.php enables remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter. Affected component is the mainfile.php entry point used by the PHP-Nuke framework; roo...

phpnuke80-cookie.txt

///////////////////////////////////////////////////////////////////////////////////////////////////// PHPNuke Preferences - Multilingual Options- On Activate Multilingual features? = YES ///////////////////////////////////////////////////////////////////////////////////////////////////// Bug is...

Php Nuke POST Cross Site Scripting On Steroids

Php Nuke POST XSS on steroids Name Php Nuke POST XSS on steroids Systems Affected PHP =4.0.7 =4.0.7 8 --- 8 --- 8 --- 8 --- testsuite.sh --- 8 --- 8 --- 8 --- 8 !/bin/bash cat REQ TOKEN POST /modules.php?name=Downloads&dop=search&query= HTTP/1.1 Host: www.phpnuke.org User-Agent: Mozilla/5.0 X11; ...

Remote file inclusion

PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tplpgbmoddir parameter...

NukeSentinel 2.5.06 - SQL Injection

NukeSentinel 2.5.06 - SQL Injection !/usr/bin/php = 4.0.24 Exploit --- ----------------------------------------------------------------------- PHP conditions: none CMS conditions: disableswitch URL: http://www.acid-root.new.fr/ ---------------------------------------------------------------------...

PHP-Nuke <= 8.0 Cookie Manipulation (lang)

///////////////////////////////////////////////////////////////////////////////////////////////////// PHPNuke = 8.0 Cookie Manipulation lang PROGRAM: PHP-Nuke HOMEPAGE: http://phpnuke.org/ VERSION: All version BUG: Cookie Manipulation lang SQL Injection + Local file include AUTHOR: Aleksandar aka...

CVE-2007-1372

CVE-2007-1372 is a PHP remote file inclusion vulnerability in the PostGuestbook 0.6.1 module for PHP-Nuke. The underlying issue is an insecure handling of the tpl_pgb_moddir parameter in styles/internal/header.php, allowing an attacker to supply a URL and remotely execute arbitrary PHP code. The ...

Php Nuke POST XSS on steroids

Php Nuke POST XSS on steroids Name Php Nuke POST XSS on steroids Systems Affected PHP =4.0.7 =5.2.1, GLOBALS OFF, Php Nuke 8.0 and others partially verified Severity Medium Vendor http://php nuke.org/ Advisory http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/ Authors Francesco ascii Ongaro...

PHP-Nuke Module PostGuestbook 0.6.1 (tpl_pgb_moddir) RFI Vulnerability

No description provided by source. PostGuestbook 0.6.1tplpgbmoddirRemote File Include Expliot D.Script: http://sourceforge.net/projects/postguestbook/ Dork: "Powered by: PostGuestbook 0.6.1" Discovered by GloDM = Mahmoodali Homepage: http://www.Tryag.cc Greetz To Tryag-Team & 4lKaSrGoLd3n-Team &...

PHP-Nuke Module PostGuestbook 0.6.1 - 'tpl_pgb_moddir' Remote File Inclusion

PostGuestbook 0.6.1tplpgbmoddirRemote File Include Expliot D.Script: http://sourceforge.net/projects/postguestbook/ Dork: "Powered by: PostGuestbook 0.6.1" Discovered by GloDM = Mahmoodali Homepage: http://www.Tryag.cc Greetz To Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group V.Code include...

PHP-Nuke Module PostGuestbook 0.6.1 (tpl_pgb_moddir) RFI Vulnerability

Exploit for unknown platform in category web applications ====================================================================== PHP-Nuke Module PostGuestbook 0.6.1 tplpgbmoddir RFI Vulnerability ====================================================================== PostGuestbook...

PHP-Nuke Module PostGuestbook 0.6.1 - tpl_pgb_moddir Remote File Inclusion

PHP-Nuke Module PostGuestbook 0.6.1 - tplpgbmoddir Remote File Inclusion PostGuestbook 0.6.1tplpgbmoddirRemote File Include Expliot D.Script: http://sourceforge.net/projects/postguestbook/ Dork: "Powered by: PostGuestbook 0.6.1" Discovered by GloDM = Mahmoodali Homepage: http://www.Tryag.cc Greet...

phpnuke80-blindsql.txt

------=Part7054910889112.1171994685834 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Hello, it is my new advisory: Problem:Blind sql injection attack in INSERT syntax Product:PHP-nuke =8.0 Web page:http://phpnuke.org/...

CVE-2007-1061

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header HTTPREFERER variable...