PhpNuke Admin password can be stolen !

PhpNuke Admin password can be stolen ! by Cabezon Aurйlien | [email protected] http://www.isecurelabs.com/article.php?sid=229 FR VERSION + screen shot Vulnerable : PhpNuke 5.1 Other version : not tested PostNuke : not tested 1 Introduction I have found a way to stole PhpNuke Admin...

Доступ без пароля в PHPNuke/PostNuke (unauthorized access)

Можно обойти проверку имени пользователя...

Обратный петь в директории PHPNuke/Gallery (directory traversal)

Обрытный путь в параметре include PHP-скрипта modules.php...

Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution

-- Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution -- Problem discovered: 16/11/2001 by Cabezon Aurйlien | [email protected] http://www.isecurelabs.com/article.php?sid=209 -- Description -- This Phpnuke addon includes web frontends for the following nix...

Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)

----- IMPACT ----- If an attacker knows the username and userid of a user on a PostNuked system, it is possible to log in as the user without specifying a password. Userid/username is usually available from the Members list. A fix is available at the end of this document. ----- AFFECTED VERSIONS...

3 phpnuke bugs (2 possibly lead to admin privs)

phpnuke www.phpnuke.org is an opensource webpage portal powers many websites on the net. Version 5.x of phpnuke does not properly check some variables, and is vulnerable to an attack that gives an intruder admin privileges. This is only possible if the intruder knows the database name that phpnuk...

SERIOUS BUG IN PHPNUKE

Yes, phpnuke.org, was contacted.... First take a look at: http://phpnuke.org/user.php?op=userinfo&uname=MegaHz Then, read this................. PHPnuke Bugs. After testing just a few scripts on phpnuke I have noticed the following: Some fields in the registration form allow code and fail to filte...

Another bug in phpNuke

Yes, i have found some bugs also... You can execute artibility mysql statments in many of its different scripts... reviews.php for example.. The parmenter with the id reviews.php?id=blah think doesn't check... so you can simply do reviews.php?id=12345 or ........ blah blah blah I don't think its...

Relative Vulnerability in Phpnuke XML parser

";phpinfo;// The title of this article could have phpNuke's parser acting strange if inserted as is in the backend xml file called every hour. sAvAte inc. Serial Savate System advisory --------------------------------------- xxxxxxxxxxxx.adv.en Program: PHPNUKE Homepage: http://www.phpnuke.org...

PHPNUKE4.4.1a Advisory

r 0 t t e n d e v 1 c e C r e w r0tten dev1ce Crew A r g e n t i n i a n S e c u r i t y G r o u p Argentinian Security Group advisory --------------------------------------- rdC270201.adv.en Programa: PHP-NUKE Vendor Homepage: http://www.phpnuke.org Vendor Contacted: 27/feb/2001 Vendor Response:...

Fwd: Re: phpnuke, security problem...

Hi, Due to this reply, i see no reason to delay this. No patch nor new version has been released, for a quick fix, see below. Regards, Joao Gouveia ------------ [email protected] Francisco Burzi [email protected] Joao Gouveia wrote: Helo Francisco, There is yet another security flaw with the new...