38 matches found
CVE-2006-0146
CVE-2006-0146 affects ADOdb for PHP (before 4.70) used by Moodle, Cacti, Mantis, PostNuke, Xaraya, PHPOpenChat, MAXdev MD-Pro, MediaBeez, etc. The vulnerability arises from the MySQL root password being empty, enabling remote SQL execution via the sql parameter. Connected OpenVAS advisories corro...
CVE-2006-0147
The CVE-2006-0147 issue is a dynamic code evaluation vulnerability in ADOdb for PHP (tests/tmssql.php) prior to version 4.70, permitting remote attackers to execute arbitrary PHP functions via the do parameter (demonstrated with phpinfo). It affects multiple products that vendor-integrate ADOdb, ...
CVE-2005-1699
CVE-2005-1699: A directory traversal vulnerability exists in the Xanthia module’s pnadminapi.php (PostNuke 0.760-RC3). Remote administrators can read arbitrary files by supplying a .. (dot dot) in the skin parameter, with partial confidentiality impact. The provided documents do not specify ...
CVE-2005-1700
CVE-2005-1700 affects PostNuke 0.760-RC3 via the Xanthia module. The vulnerability is an SQL injection in pnadmin.php exploitable by the riga[0] parameter, allowing remote administrators to execute arbitrary SQL commands. Connected sources corroborate SQL injection in Xanthia/Messages areas and P...
CVE-2006-0800
CVE-2006-0800 affects PostNuke 0.761 and earlier. An interpretation conflict allows remote attackers to perform cross-site scripting (XSS) via HTML tags with a trailing “” while bypassing blacklist protections in pnVarCleanFromInput (pnAPI.php), pnSecureInput (pnAntiCracker.php), and the htmltext...
CVE-2005-1696
The CVE-2005-1696 entry applies to PostNuke, affecting versions 0.750 and 0.760RC3. It describes multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script/HTML via (1) the skin or (2) the paletteid parameter to demo.php in the Xanthia module, or (3...
CVE-2005-0617
CVE-2005-0617 describes an SQL injection vulnerability in PostNuke versions 0.750 and 0.760-RC2 that allows remote attackers to execute arbitrary SQL commands via the show parameter in dl-search.php. The issue is confirmed by the NVD entry and related OpenVAS/Nessus advisories referencing PostNuk...
CVE-2005-1777
CVE-2005-1777 is a SQL injection flaw in PostNuke 0.750 (readpmsg.php) exploitable via the start parameter to execute arbitrary SQL. Connected sources corroborate the issue and indicate that FreeBSD/VuXML entries and OpenVAS tests flag multiple advisories about PostNuke components, with advisorie...
CVE-2007-0384
CVE-2007-0384 describes a cross-site scripting (XSS) vulnerability in the preview functionality of the reviews section of PostNuke 0.764. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available connected records confirm the affected product/...
CVE-2005-2690
CVE-2005-2690: PostNuke 0.760-RC4b is affected in the Downloads module. The vulnerability is a SQL injection in the dl-viewdownload.php script triggered via the show parameter, allowing an attacker to modify or execute SQL commands. Some sources indicate exploitation requires admin rights and co...
CVE-2001-0911
CVE-2001-0911 affects PHP-Nuke 5.1, where user and administrator passwords are stored in a base-64 encoded cookie. This could allow remote attackers to gain privileges by stealing/sniffing the cookie and decoding it. The connected sources corroborate the cookie-based credential exposure, but no p...
CVE-2004-1949
The CVE concerns PostNuke prior to 7.2.6 with a SQL injection vulnerability that allows remote attackers to run arbitrary SQL. The flaw is triggered by input parameters in two modules: (1) sif in index.php of the Comments module, and (2) timezoneoffset in changeinfo.php of the Your_Account module...
CVE-2002-0535
CVE-2002-0535 covers cross-site scripting in PostBoard 2.0.1 and earlier. The vulnerability enables remote attackers to execute script in the context of other users via (1) an IMG tag when BBCode is enabled, or (2) in a topic title. Documents confirm affected software/version and the underlying a...
CVE-2005-2689
CVE-2005-2689 covers multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b (and older). The issues allow remote attackers to inject arbitrary HTML/JavaScript via (1) the moderate parameter to the Comments module, and (2) htmltext parameter to html/user.php. The NVD record lis...
CVE-2002-2015
The CVE-2002-2015 entry concerns PostNuke 0.703, where PHP file inclusion in user.php can be triggered through the caselist parameter to include arbitrary files and potentially execute code. The root cause is a file inclusion weakness allowing remote attackers to supply a path to arbitrary files....
CVE-2005-1621
CVE-2005-1621 is a directory traversal vulnerability in PostNuke. It affects PostNuke 0.750 through 0.760rc4, in the pnModFunc function of pnMod.php. Attackers can read arbitrary files by supplying .. in the func parameter to index.php. The connected sources confirm the vulnerability and affected ve...
CVE-2007-0386
Technical details for CVE-2007-0386 are not provided in the supplied documents; the records only state an unspecified vulnerability in PostNuke 0.764 with unknown impact. Monitor for updates.
CVE-2001-1460
CVE-2001-1460 describes a SQL injection in PostNuke 0.62–0.64 that allows remote bypass of authentication via the user parameter in article.php. CVSS: base 7.5 (HIGH); network vector, low complexity, no authentication. Affected products: PostNuke 0.62–0.64. Root cause: insufficient input validati...
CVE-2003-1537
CVE-2003-1537 is a directory traversal vulnerability affecting PostNuke 0.723 and earlier. The issue allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. Connected sources corroborate the vulnerability description across NVD/Red Hat CVE records ...
CVE-2001-1521
CVE-2001-1521 is an XSS vulnerability in PostNuke 0.64, specifically in the user.php component, where the uname parameter can be exploited to inject arbitrary web script or HTML. The public records identify the affected software as PostNuke 0.64 and the vulnerability as a cross-site sc...
CVE-2005-0615
PostNuke 0.760-RC2 is affected by multiple SQL injection vulnerabilities in index.php, modules.php, and admin.php via the catid parameter, enabling remote attackers to execute arbitrary SQL. The CVE entry CVE-2005-0615 maps to these flaws. OpenVAS/Nessus entries corroborate multiple SQL injection...
CVE-2005-1695
CVE-2005-1695 affects the PostNuke RSS module (versions 0.750, 0.760RC2/RC3). The vulnerability is described as multiple cross-site scripting (XSS) flaws allowing remote injection of script/HTML via two parameters: rss_url in magpie_slashbox.php and url in magpie_simple.php/magpie_debug.php. Connected Op...
CVE-2006-0801
The CVE-2006-0801 entry describes a SQL injection vulnerability in the NS-Languages module of PostNuke 0.761 and earlier. When magic_quotes_gpc is disabled, an attacker can trigger arbitrary SQL commands by supplying the language parameter to admin.php, potentially affecting authentication/operat...
CVE-2005-1048
CVE-2005-1048 relates to a SQL injection in PostNuke 0.760 RC3, where the sid parameter in modules.php can be exploited remotely to run arbitrary SQL statements. The affected software is PostNuke (version 0.760 RC3 as cited; vendor reportedly could not reproduce issues for 0.760 RC3 or 0.750). Th...
CVE-2005-1050
CVE-2005-1050 affects PostNuke 0.760-RC3 in the Reviews module’s modload op. The vulnerability allows remote attackers to disclose sensitive information by supplying an invalid id parameter, causing a PHP error message that reveals the path. The NVD entry rates impact as Partial Confidentiality w...
CVE-2007-0385
The CVE-2007-0385 entry affects PostNuke 0.764. Affected component: FAQ/index.php where unvalidated output may disclose the server’s full path, potentially involving an undefined id_cat variable. This is a remote information-disclosure issue in the FAQ section. The connected sources confirm the v...
CVE-2005-1694
Technical details (affected product/version, root cause, exploit, impact) are not publicly provided in the supplied documents; monitor for updates.
CVE-2005-1778
CVE-2005-1778 describes a cross-site scripting (XSS) vulnerability in PostNuke 0.750, exploitable via the start parameter in readpmsg.php. The affected component is readpmsg.php within PostNuke, enabling remote attackers to inject arbitrary web script or HTML. The available connected documents co...
CVE-2006-0802
CVE-2006-0802 is an XSS flaw in the NS-Languages module of PostNuke 0.761 and earlier, exploitable when magic_quotes_gpc is enabled. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the language parameter during a missing or translation operation. Multiple conn...
CVE-2006-5733
CVE-2006-5733: A directory traversal/remote local file inclusion flaw in PostNuke ≤0.763 (error.php) allows an attacker to cause arbitrary local file inclusion by placing PHP sequences in the PNSVlang cookie, which gets written into Apache logs and later included by error.php. Affected product/v...
CVE-2004-2752
PostNuke’s Downloads module (≤0.726) is affected by a cross-site scripting (XSS) flaw in the viewdownloaddetails action, triggered via the ttitle parameter. This allows remote injection of arbitrary HTML/JavaScript. The description is corroborated across CVE/NVD/Red Hat records; one connected EUV...
CVE-2004-2751
PostNuke 0.726 (and possibly earlier) contains an SQL injection in the members_list module, exploitable via the sortby parameter. This allows remote attackers to craft SQL commands to affect the database. The vulnerability is stated for the members_list component, with no additional exploit detai...
CVE-2005-1049
Summary: CVE-2005-1049 describes multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC3 (and related RC4 variants) where an attacker can inject arbitrary HTML/JavaScript via the module parameter to admin.php or the op parameter to user.php. The issue is noted to exist when the ...
CVE-2006-6233
The CVE refers to an SQL injection in the Downloads module of PostNuke (unknown versions). The vulnerability is triggered by the lid parameter in a viewdownloaddetails operation, potentially arising from the viewdownloaddetails function in dl-downloaddetails.php. Impact is partial confidentiality...
CVE-2004-1956
PostNuke 0.7.2.6 is affected by CVE-2004-1956. The vulnerability allows remote attackers to cause information disclosure by issuing direct HTTP requests to files in the includes/blocks, pnadodb, NS-NewUser, NS-Your_Account, NS-LostPassword, and NS-User paths, which trigger PHP error messages reve...
CVE-2002-1996
Technical details about CVE-2002-1996 are not publicly provided in the supplied documents; no concrete fix, affected products, or exploit information is included. Monitor for updates.
CVE-2006-5121
PostNuke 0.762 is affected by an SQL injection in the Admin section: modules/Downloads/admin.php via the hits parameter, allowing remote execution of arbitrary SQL on the backend database. Multiple sources (NVD entry CVE-2006-5121 and downstream advisories) confirm the vulnerability and its impac...
CVE-2006-6267
The CVE-2006-6267 issue affects PostNuke 0.7.5.0 and some minor versions. The vulnerability allows remote attackers to obtain sensitive information by supplying a non-numeric value for the stop parameter, which causes an error message that reveals the path, enabling information disclosure. The av...