CVE-2004-2031

Cross-site scripting XSS vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the 1 URL, 2 MSN, or 3 AIM fields...

CVE-2005-1049

Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the 1 module parameter to admin.php or 2 op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750...

PostNuke < 0.760 RC4 Multiple XSS and SQL Injection Vulnerabilities

Binary data 2808.prm...

CVE-2005-0474

SQL injection vulnerability in the uservalidcrypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendarsession cookie...

CVE-2005-0474

SQL injection vulnerability in the uservalidcrypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendarsession cookie...

CVE-2005-0474

CVE-2005-0474 is a SQL injection vulnerability in WebCalendar 0.9.45. The issue affects the user_valid_crypt function in user.php, allowing remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie. Multiple sources (NVD/NVDCV, CVE lists, and Nessus/NASL feeds) ...

CVE-2004-2031

Cross-site scripting XSS vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the 1 URL, 2 MSN, or 3 AIM fields...

phpBugTracker 0.9.1 - Multiple Vulnerabilities

phpBugTracker 0.9.1 - Multiple Vulnerabilities phpBugTracke Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracke Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear...

PostNuke 0.723 - user.php UNAME Cross-Site Scripting

PostNuke 0.723 - user.php UNAME Cross-Site Scripting source: https://www.securityfocus.com/bid/7901/info The PostNuke 'user.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML...

PostNuke 0.723 - &#039;user.php&#039; UNAME Cross-Site Scripting

source: https://www.securityfocus.com/bid/7901/info The PostNuke 'user.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visit...

postnuke v 0.7.0.3 remote command execution

post nuke is one of popular content management system written in php . there are bug in file user.php line 107 which user can append $caselist array with their own value. foreach $caselist as $k=$v $ModName = $v'module'; include "$vpath/$k"; $caselist = array;...

PostNuke 0.703 - caselist Arbitrary Module Include

source: https://www.securityfocus.com/bid/4381/info PostNuke is a content management system originally forked from the PHP-Nuke project. It is implemented in PHP, and available for Windows, Linux and other Unix based systems. A vulnerability has been reported in some versions of PostNuke...

CVE-2001-1521

Cross-site scripting XSS vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter...

PHP-Nuke 1.02.53.04.x5.x6.x7.x - user.php?uname Cross-Site Scripting

PHP-Nuke 1.02.53.04.x5.x6.x7.x - user.php?uname Cross-Site Scripting source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page,...

PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - &#039;user.php?uname&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page, 'user.php', which contains malicious script code. When the link is clicked by...

All PHP-Nuke versions affected!!!

Hi! Recentely the "fixed" version of the user.php script was released. The vulnerability was reported in the article which can be read in http://www.phpnuke.org/article.php?sid=251. This new version though still allows any registered user to alter the password and other personal details of other...