EUVD-2006-1847

Malware in sbrugna...

EUVD-2004-1941

Malware in sbrugna...

PHP-Nuke 6.x/7.x Your_Account Module Avatarcategory Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13010/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...

PHP-Nuke 8.1.0.3.5b (Your_Account Module) - Blind SQL Injection (Benchmark Mode)

PHP-Nuke new; my $average = 0; print "+ Calculating average load time may take a while ...\n"; for my $i = 0; $i get$hosto; my $time = time; $average += int$time-$bef; return $average/5; sub Nuke::Usage print "+ Usage: perl nuke.pl \n"; print "+ the host must be the complete path to modules.php\n...

CVE-2009-3520

CVE-2009-3520 is a CSRF vulnerability affecting CMSphp 0.21 in the Your_account module. Remote attackers can coerce an administrator’s browser to perform a password-change action (admin_info_user_verif) by supplying the parameters pseudo , pwd , and uid , effectively hijacking administrator authe...

CVE-2003-1400

The CVE-2003-1400 entry describes a Cross-site scripting (XSS) vulnerability in the Your_Account module of PHP-Nuke versions 5.0 through 6.0. The issue arises from an input vector in the user_avatar parameter, allowing remote attackers to inject arbitrary web script or HTML. Affected software: PH...

Cross site scripting

Cross-site scripting XSS vulnerability in the YourAccount module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...

CVE-2006-1033

Multiple cross-site scripting XSS vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via 1 uname, 2 error, 3 profile or 4 the username filed parameter to the a YourAccount module, 5 catid, 6 sid, 7 Story Text or 8 Extended text text field...

CVE-2006-1033

Multiple cross-site scripting XSS vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via 1 uname, 2 error, 3 profile or 4 the username filed parameter to the a YourAccount module, 5 catid, 6 sid, 7 Story Text or 8 Extended text text field...

Dragonfly CMS 9.0.6 1 Your_Account Module - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in...

CVE-2006-0679

PHP-Nuke 7.8 and earlier is vulnerable to a SQL injection in the Your_Account module (index.php) via the username field, enabling remote attackers to manipulate SQL queries. The vulnerability is demonstrated in the Your_Account workflow (e.g., new_user) where user input is not properly sanitized ...

CVE-2005-1027

Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter in the YourAccount module, 2 avatarcategory parameter in the YourAccount module, or 3 lid parameter in the Downloads module...

CVE-2005-1028

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to 1 index.php with the forumadmin parameter set, 2 the Surveys module, or 3 the YourAccount module, which reveals the path in a PHP error message...

CVE-2005-1027

Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter in the YourAccount module, 2 avatarcategory parameter in the YourAccount module, or 3 lid parameter in the Downloads module...

CVE-2005-1028

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to 1 index.php with the forumadmin parameter set, 2 the Surveys module, or 3 the YourAccount module, which reveals the path in a PHP error message...

CVE-2005-1000

Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via 1 the bid parameter to the EmailStats op in banners.pgp, 2 the ratenum parameter in the TopRated and MostPopular actions in the WebLinks module, 3 the ttitle paramet...

PHP-Nuke 6.x/7.x Your_Account Module - 'Username' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13007/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicio...

PHP-Nuke 6.x7.x Your_Account Module - Username Cross-Site Scripting

PHP-Nuke 6.x7.x YourAccount Module - Username Cross-Site Scripting source: https://www.securityfocus.com/bid/13007/info It is reported that the PHP-Nuke 'YourAccount' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize...

CVE-2004-1949

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via 1 the sif parameter to index.php in the Comments module or 2 timezoneoffset parameter to changeinfo.php in the YourAccount module...