PostNuke 0.750 - 'readpmsg.php' SQL Injection

!/usr/bin/perl This tools is only for educational purpose K-C0d3r a x0n3-h4ck friend !!! This exploit should give admin nick and md5 password -= PostNuke SQL Injection version : x= 0.750=- -= =- -= Discovered by sp3x =- -= Coded by K-C0d3r =- -= irc.xoned.net x0n3-h4ck to find me...

CVE-2005-1777

CVE-2005-1777 is a SQL injection flaw in PostNuke 0.750 (readpmsg.php) exploitable via the start parameter to execute arbitrary SQL. Connected sources corroborate the issue and indicate that FreeBSD/VuXML entries and OpenVAS tests flag multiple advisories about PostNuke components, with advisorie...

CVE-2005-1777

SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter...

CVE-2005-1778

CVE-2005-1778 describes a cross-site scripting (XSS) vulnerability in PostNuke 0.750, exploitable via the start parameter in readpmsg.php. The affected component is readpmsg.php within PostNuke, enabling remote attackers to inject arbitrary web script or HTML. The available connected documents co...

postnukeInclusion.txt

Product : Postnuke 0.750 http://www.postnuke.com Description: Postnuke 0.750 - 0.760rc4 local file inclusion Severity: High Description =========== Postnuke is Web Content Management System written in PHP and using mysql as database backend. Detail ====== Directory traversal in function pnModFunc...

CVE-2005-1694

Technical details (affected product/version, root cause, exploit, impact) are not publicly provided in the supplied documents; monitor for updates.