EUVD-2004-1941

Malware in sbrugna...

EUVD-2006-1847

Malware in sbrugna...

PHP-Nuke 6.x/7.x Your_Account Module Avatarcategory Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13010/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...

PHP-Nuke 6.x/7.x Your_Account Module Username Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13007/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...

PhoenixCMS 1.7.0 Module(Your_Account) Remote Blind SQL Injection

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

PHP-Nuke <= 8.1.3.5 (Your_Account) Remote Command Exec Exploit

No description provided by source. PHP-Nuke = 8.1.0.3.5b Remote Command Execution Exploit Author/s: Dante90 & yawn Contact Us: www.unitx.net Requirements: magicquotesgpc : off Greetings: [email protected] | [email protected] You will remember, Watson, how the dreadful business of the Abernetty...

PHP-Nuke 8.1.0.3.5b (Your_Account Module) - Blind SQL Injection (Benchmark Mode)

PHP-Nuke new; my $average = 0; print "+ Calculating average load time may take a while ...\n"; for my $i = 0; $i get$hosto; my $time = time; $average += int$time-$bef; return $average/5; sub Nuke::Usage print "+ Usage: perl nuke.pl \n"; print "+ the host must be the complete path to modules.php\n...

CVE-2009-3520

CVE-2009-3520 is a CSRF vulnerability affecting CMSphp 0.21 in the Your_account module. Remote attackers can coerce an administrator’s browser to perform a password-change action (admin_info_user_verif) by supplying the parameters pseudo , pwd , and uid , effectively hijacking administrator authe...

CVE-2003-1400

The CVE-2003-1400 entry describes a Cross-site scripting (XSS) vulnerability in the Your_Account module of PHP-Nuke versions 5.0 through 6.0. The issue arises from an input vector in the user_avatar parameter, allowing remote attackers to inject arbitrary web script or HTML. Affected software: PH...

CVE-2006-1846

Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...

Cross site scripting

Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...

Sql injection

SQL injection vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the userid parameter in the YourHome functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2006-1847

PHP-Nuke 7.8contains an SQL injection in the Your_Account module, exploitable via the user_id parameter in Your_Home, allowing remote execution of arbitrary SQL as described by NVD and corroborated by other sources. The public documents do not specify a patch or workaround.

CVE-2006-1033

Multiple cross-site scripting XSS vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via 1 uname, 2 error, 3 profile or 4 the username filed parameter to the a YourAccount module, 5 catid, 6 sid, 7 Story Text or 8 Extended text text field...

CVE-2006-1033

Multiple cross-site scripting XSS vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via 1 uname, 2 error, 3 profile or 4 the username filed parameter to the a YourAccount module, 5 catid, 6 sid, 7 Story Text or 8 Extended text text field...

Dragonfly CMS 9.0.6 1 Your_Account Module - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in...

CVE-2006-0679

PHP-Nuke 7.8 and earlier is vulnerable to a SQL injection in the Your_Account module (index.php) via the username field, enabling remote attackers to manipulate SQL queries. The vulnerability is demonstrated in the Your_Account workflow (e.g., new_user) where user input is not properly sanitized ...

[Full-disclosure] Critical SQL Injection PHPNuke <= 7.8 - Your_Account module

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityAlert SA032 Author: sp3x CVE : CVE-2006-0679 Date: 16. February 2006 Affected software : =================== PHPNuke version : 7.8 with all security fixes/patches Not Affected software : ======================= PHPNuke version : 7.9 + patch 3....

CVE-2005-1027

Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter in the YourAccount module, 2 avatarcategory parameter in the YourAccount module, or 3 lid parameter in the Downloads module...

CVE-2005-1028

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to 1 index.php with the forumadmin parameter set, 2 the Surveys module, or 3 the YourAccount module, which reveals the path in a PHP error message...