14 matches found
PHPNuke <= 8.0 SQL Injection
PHPNuke <= 8.0 SQL Injection downloads.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
[Full-Disclosure] [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]
waraxe-2004-SA032 Multiple security flaws in PhpNuke 6.x - 7.3...
[Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier
Advisory: 2004-Nuke-001 Affected Software: PHPNuke Affected Versions: Version 7.3 and earlier Main Developer: Francisco Burzi...
[waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke]
waraxe-2004-SA028 Multiple vulnerabilities in NukeJokes module for PhpNuke...
waraxe-2004-SA028.txt
waraxe-2004-SA028 Multiple vulnerabilities in NukeJokes module for PhpNuke...
PHPNUKE 6 XSS Vulnerabilities
http://www.phpnuke.org/modules.php?name=Search Enter: <script>alert(document.cookie);</script> in form, click Search. Needless to say these bugs won't go away. The vendor WOULD HAVE been contacted if they just gave an email address without having to subscribe to nukesupport/phpnuke - maybe I don't use...
PHP-Nuke 6.0 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5796/info Problems with PHPNuke could make it possible to execute arbitrary script code in a vulnerable client. PHPNuke does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contai...
PHP-Nuke 6.0/6.5 - Search Form Cross-Site Scripting
source: https://www.securityfocus.com/bid/5788/info PHPNuke 6.0 is prone to cross-site scripting attacks. HTML tags are not filtered from links to the 'modules.php' script. Reportedly, the problem lies in the 'Search' page of the 'modules.php' script. It is possible for a malicious attacker to...
PHPNuke 'admin.php' script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files
Overview PHPNuke's "admin.php" script does not properly authenticate users of its filemanager capabilities. Attackers may exploit this vulnerability to copy, move, or upload files. Description PHPNuke is a set of PHP scripts designed to simplify website creation and maintenance. The "admin.php"...
PHPNuke Cross Scripting...
Here are a few holes that I've found in PHPNuke. 5 "Cross Site Scripting". http://phpnuke.org/modules.php?name=Downloads&dop=viewdownloaddetails&lid=02&ttitle=JAVASCRIPT http://phpnuke.org/modules.php?name=Downloads&dop=ratedownload&lid=118&ttitle=JAVASCRIPT http://phpnuke.org/modules.php?...
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - user.php?uname Cross-Site Scripting
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - user.php?uname Cross-Site Scripting source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page,...
Passwordless access in PHPNuke/PostNuke (unauthorized access)
The username check can be bypassed...
SERIOUS BUG IN PHPNUKE
Yes, phpnuke.org, was contacted.... First take a look at: http://phpnuke.org/user.php?op=userinfo&uname=MegaHz Then, read this................. PHPnuke Bugs. After testing just a few scripts on phpnuke I have noticed the following: Some fields in the registration form allow code and fail to filte...
Fwd: Re: phpnuke, security problem...
Hi, Due to this reply, I see no reason to delay this. No patch nor new version has been released, for a quick fix, see below. Regards, Joao Gouveia ------------ [email protected] Francisco Burzi [email protected] Joao Gouveia wrote: Hello Francisco, There is yet another security flaw with the new...