EUVD-2005-1702

Malware in sbrugna...

EUVD-2005-1698

Malware in sbrugna...

CVE-2005-1700

CVE-2005-1700 affects PostNuke 0.760-RC3 via the Xanthia module. The vulnerability is an SQL injection in pnadmin.php exploitable by the riga[0] parameter, allowing remote administrators to execute arbitrary SQL commands. Connected sources corroborate SQL injection in Xanthia/Messages areas and P...

CVE-2005-1696

Multiple cross-site scripting XSS vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the 1 skin or 2 paletteid parameter to demo.php in the Xanthia module, or 3 the serverName parameter to config.php in the Multisites aka NS-Multisites...

CVE-2005-1699

CVE-2005-1699 : A directory traversal vulnerability exists in the Xanthia module’s pnadminapi.php (PostNuke 0.760-RC3). Remote administrators can read arbitrary files by supplying a .. (dot dot) in the skin parameter, enabling partial confidentiality impact. The provided documents do not specify ...

CVE-2005-1700

SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga0 parameter...

CVE-2005-1698

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to 1 theme.php or 2 Xanthia.php in the Xanthia module, 3 user.php, 4 thelang.php, 5 text.php, 6 html.php, 7 menu.php, 8 finclude.php, or 9 button.php in the pnblocks directory in the Blocks...

PT-2005-2673 · Postnuke · Postnuke

Name of the Vulnerable Software and Affected Versions: PostNuke versions 0.750 through 0.760RC3 Description: The issue allows remote attackers to obtain sensitive information via direct requests to various files, including theme.php and Xanthia.php in the Xanthia module, multiple files in the...