Bypass XSS filter in PHPNUKE 7.9=>x

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bypass XSS filter in PHPNUKE 7.9=x cXIb8O3.21 Author: Maksymilian Arciemowicz cXIb8O3 Date: 14.12.2005 from SECURITYREASON.COM - --- 0.Description --- PHP-Nuke is a Web Portal System, storytelling software, news system, online community or whatever yo...

PHP-Nuke 7.x - Content Filtering Bypass

PHP-Nuke 7.x - Content Filtering Bypass source: https://www.securityfocus.com/bid/15855/info PHPNuke is prone to a content filtering bypass vulnerability. This issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks...

SA027.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityAlert SA027 Author: sp3x GPG: http://securityreason.com/key/sp3x.gpg Date: 15. November 2005 Affected software : =================== PHPNuke version : 7.8 with all security fixes/patches Not Affected software : ======================= PHPNuke...

Critical SQL Injection PHPNuke <= 7.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityAlert SA027 Author: sp3x GPG: http://securityreason.com/key/sp3x.gpg Date: 15. November 2005 Affected software : =================== PHPNuke version : 7.8 with all security fixes/patches Not Affected software : ======================= PHPNuke...

phpnuke78sql.txt

PHPNuke 7.8 with all security fixes/patches "Downloads", "WebLinks" & "YourAccount" SQL INjection - remote commands execution poc exploit there are a lot of unsanitized vars in every module, as I can see, so if magicquotesgpc is Off - SQL INJECTION 1 you can go to "Your Account" and submit a...

PhpNuke 7.8 with all security fixes/patches "Your_Account", "Downloads", "Web Links" SQL Injection / Remote commans execution

PHPNuke 7.8 with all security fixes/patches "Downloads", "WebLinks" & "YourAccount" SQL INjection - remote commands execution poc exploit there are a lot of unsanitized vars in every module, as I can see, so if magicquotesgpc is Off - SQL INJECTION 1 you can go to "Your Account" and submit a...

PHP-Nuke 7.8 - SQL Injection / Remote Command Execution

?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8 with all security fixes/patches "Downloads","WebLinks" & "YourAccount" modules SQL Injection / remote commands execution exploit yet not tested 7.9, but OK... by rgod site: http://rgod.altervista.org make these changes in php.ini if you have...

PHP-Nuke 7.8 SQL Injection / Remote Command Execution Exploit

Exploit for unknown platform in category web applications ============================================================= PHP-Nuke 7.8 SQL Injection / Remote Command Execution Exploit ============================================================= ?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8...

PHP-Nuke 7.8 - SQL Injection Remote Command Execution

PHP-Nuke 7.8 - SQL Injection Remote Command Execution ?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8 with all security fixes/patches "Downloads","WebLinks" & "YourAccount" modules SQL Injection / remote commands execution exploit yet not tested 7.9, but OK... by rgod site:...

PHP-Nuke 7.8 SQL Injection / Remote Command Execution Exploit

No description provided by source. ?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8 with all security fixes/patches "Downloads","WebLinks" & "YourAccount" modules SQL Injection / remote commands execution exploit yet not tested 7.9, but OK... by rgod site: http://rgod.altervista.org make the...

PHP-Nuke Search Module - 'modules.php' Directory Traversal

source: https://www.securityfocus.com/bid/15137/info PHPNuke Search Module is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. A remote attacker may view files that are only intended to be accessible to authenticated and authorized...

SecurityAlert SA025 : PHPNuke Remote Directory Traversal

Author: sp3x Date: 19. October 2005 Affected software : =================== PHPNuke version : 7.8 - 7.9 + patch 3.1 Description : ============= PHP-Nuke is a Web Portal System, storytelling software, News system, online community or w hatever you want to call it. The goal of PHP-Nuke is to have a...

pearxmlrpc.pl.txt

!/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc drupal exploit, but James sais xoops, phpnuke and other cms...

XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit

No description provided by source. tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc...

waraxe-2005-SA041.txt

================================================================================ waraxe-2005-SA041 ================================================================================ Critical Sql Injection in PhpNuke 6.x-7.6 Top module...

[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Web_Links Module cXIb8O3.14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpnuke 7.6 Multiple vulnerabilities in WebLinks Module cXIb8O3.14 Author: Maksymilian Arciemowicz cXIb8O3 Date: 6.4.2005 from securityreason.com TEAM - --- 0.Description --- PHP-Nuke is a Web Portal System, storytelling software, news system, online...

PHP-Nuke 6.x - 7.6 Top module Remote Sql Injection Exploit (working)

No description provided by source. /bin/bash This is just basic-ly modules.php?name=Top&querylang=union%20select%200,pwd,0,0%20from%20nukeauthors%20where%20radminsuper=1 works thou /str0ke PHPNuke Top Module Remote SQL Injection by Fabrizi Andrea 2005 andrea.fabrizi at gmail.com Work with the...

PHP-Nuke 6.x < 7.6 Top module - SQL Injection

/bin/bash This is just basic-ly modules.php?name=Top&querylang=union%20select%200,pwd,0,0%20from%20nukeauthors%20where%20radminsuper=1 works thou /str0ke PHPNuke Top Module Remote SQL Injection by Fabrizi Andrea 2005 andrea.fabrizi at gmail.com Work with the PHPNuke latest version! URL=$1;...

PHP-Nuke 6.x 7.6 Top module - SQL Injection

PHP-Nuke 6.x 7.6 Top module - SQL Injection /bin/bash This is just basic-ly modules.php?name=Top&querylang=union%20select%200,pwd,0,0%20from%20nukeauthors%20where%20radminsuper=1 works thou /str0ke PHPNuke Top Module Remote SQL Injection by Fabrizi Andrea 2005 andrea.fabrizi at gmail.com Work wit...

[waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module

================================================================================ waraxe-2005-SA041 ================================================================================ Critical Sql Injection in PhpNuke 6.x-7.6 Top module...