PostNuke Error.PHP本地文件包含漏洞

PostNuke一款流行的内容管理程序。 PostNuke不正确处理用户提交的url数据，远程攻击者可以利用漏洞以web权限查看系统文件内容。 问题存在于error.php脚本中，由于对PNSVlang会话变量缺少过滤，可导致包含和以web权限查看本地文件，导致敏感信息泄露。 PostNuke PostNuke CMS 0.763 PostNuke PostNuke CMS 0.762 升级到PostNuke 0.764 版本： http://www.postnuke.com/...

mixedSQL.txt

Postnuke all versions + pnphpbb =1.2 sql injection - jocanor Author: Jocanor Date: 01-03-2k5 1. -----------introduction--------. Postnuke is an open source CMS content management system, originally based in php-nuke. www.postnuke.com pnphpbb is a module for postnuke based in popular forum system...

[PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2

--------------------------------------------------------------------------- PostNuke Security Advisory PNSA 2004-2 Mark West http://www.postnuke.com/ April 17th, 2004 For contacts: http://news.postnuke.com/index.php?module=vpContact...

Postnuke: path disclosure (0.7.2.3 and prior)

Intro. What is PostNuke ? PostNuke is a weblog/Content Management System CMS. It is far more secure and stable than competing products. Home Page: http://www.postnuke.com && A vulnerability have been found in Postnuke v0.7.2.3-Phoenix & prior which allow users to determine the physical path of th...

The Books Module for the PostNuke CMS XSS Vulnerability

---------------------------------------------------- Class : input Validation Error Risk : Due to the simplicity of the attack and the number of sites that run module books the risk is classified as Medium to High. URL: Http://pn-mod-books.sourceforge.net -...