11 matches found
EUVD-2005-2597
Malware in sbrugna...
EUVD-2007-0387
Malware in sbrugna...
EUVD-2007-1155
Malware in sbrugna...
CVE-2006-0800
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting XSS attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in 1 the pnVarCleanFromInput function in pnAPI.php, 2 the pnSecureInput...
PostNuke 0.76 RC4b Comments Module - moderate Cross-Site Scripting
PostNuke 0.76 RC4b Comments Module - moderate Cross-Site Scripting source: https://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. This can lead ...
postnukeSQL.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah GET...
[SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Critical XSS 0.760-RC2=x cXIb8O3.2 Author: cXIb8O3Maksymilian Arciemowicz Date: 19.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...
PostNuke 0.7x - Install Script Administrator Password Disclosure
source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an...
PostNuke 0.7x - Install Script Administrator Password Disclosure
PostNuke 0.7x - Install Script Administrator Password Disclosure source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the...
PostNuke Glossary Module page Parameter SQL Injection
The remote host is running a version of PostNuke which is vulnerable to a SQL injection attack. An attacker may use this flaw to gain the control of the database of this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...
PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities
PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/7898/info The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of...