4 matches found
CVE-2005-1700
CVE-2005-1700 affects PostNuke 0.760-RC3 via the Xanthia module. The vulnerability is an SQL injection in pnadmin.php exploitable by the riga[0] parameter, allowing remote administrators to execute arbitrary SQL commands. Connected sources corroborate SQL injection in Xanthia/Messages areas and P...
CVE-2005-1699
CVE-2005-1699 : A directory traversal vulnerability exists in the Xanthia module’s pnadminapi.php (PostNuke 0.760-RC3). Remote administrators can read arbitrary files by supplying a .. (dot dot) in the skin parameter, enabling partial confidentiality impact. The provided documents do not specify ...
CVE-2005-1049
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the 1 module parameter to admin.php or 2 op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750...
CVE-2005-1049
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the 1 module parameter to admin.php or 2 op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750...