PHPNuke 6.0/6.5 Search Form Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5788/info PHPNuke 6.0 is prone to cross-site scripting attacks. HTML tags are not filtered from links to the 'modules.php' script. Reportedly, the problem lies in the 'Search' page of the 'modules.php' script. It is...

PHPNuke 6.0/6.5 Forum Module Viewforum.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7194/info It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through...

waraxe-2004-SA010.txt

=============================================================================== = waraxe-2004-SA010 =============================================================================== = Multiple vulnerabilities in Error Manager v2.1 for PhpNuke...

Multiple XSS vulnerabilites in PHPNuke

Multiple XSS Vulnerabilities in PHPNuke 6.0 ------------------------------------------- Summary: We have found 7 diferent cross-site-scripting vulnerabilities in PHPNuke 6.0 which allow for anyone to steal the authentication cookies from users and Administrators. Some of them include several ways...

XSS bug in PHPNuke 6.0

Vulnerable systems: PHPNuke 6.0 & mabey all Exploit: 1- go to http://traget/modules.php?name=Downloads&dop=search 2- put in form search this code : Scriptjavascript:alertdocument.cookie/Script 3- click "Search" without "" you can't use it an URL like this http://traget/modules.php?...