php nuke software vulnerabilities
vulnerabilities.aspcode.net
Searching php nuke software vulnerabilities
PHP-Nuke 4.4.1a allows remote attackers to modi
attackers
|
password
|
PHP-Nuke
|
guessing
|
address
|
obtain
|
user's
|
remote
|
allows
|
modify
|
email
|
user
|
441a
|
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
Cross-site scripting (XSS) vulnerability in im.
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.
Cross-site scripting (XSS) vulnerability in the
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter.
Cross-site scripting (XSS) vulnerability in PHP
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
Cross-site scripting (XSS) vulnerability in php
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter.
SQL injection vulnerability in index.php in the
vulnerability
|
statements
|
attackers
|
arbitrary
|
injection
|
parameter
|
Php-Nuke
|
indexphp
|
execute
|
instory
|
module
|
Search
|
remote
|
allows
|
SQL
|
via
|
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
The search module in Php-Nuke allows remote att
information
|
attackers
|
sensitive
|
Php-Nuke
|
remote
|
module
|
search
|
allows
|
gain
|
via
|
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.
Multiple SQL injection vulnerabilities in the S
vulnerabilities
|
injection
|
arbitrary
|
attackers
|
Php-Nuke
|
Multiple
|
execute
|
remote
|
Search
|
module
|
allow
|
via
|
SQL
|
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
SQL injection vulnerability in MS Analysis modu
vulnerability
|
arbitrary
|
attackers
|
injection
|
PHP-Nuke
|
Analysis
|
execute
|
request
|
referer
|
module
|
allows
|
remote
|
field
|
HTTP
|
SQL
|
via
|
SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request.
SQL injection vulnerability in modules.php in N
vulnerability
|
NukeCalendar
|
modulesphp
|
attackers
|
arbitrary
|
injection
|
parameter
|
PHP-Nuke
|
commands
|
execute
|
allows
|
remote
|
used
|
eid
|
SQL
|
11a
|
via
|
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter.
PHP-Nuke 7.3, and other products that use the P
OSCNukeLite
|
codebase
|
OSC2Nuke
|
properly
|
PHP-Nuke
|
products
|
betaNC
|
Bundle
|
other
|
such
|
Nuke
|
Cops
|
use
|
not
|
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
SQL injection vulnerability in the Reviews modu
vulnerability
|
attackers
|
arbitrary
|
injection
|
parameter
|
PHP-Nuke
|
commands
|
Reviews
|
execute
|
module
|
allows
|
remote
|
order
|
SQL
|
via
|
SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter.
Cross-site scripting (XSS) vulnerability in GBo
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) name, (2) email, (3) city, and (4) message, which do not use the Software vulnerabilities results 1 to 20 of 2823
Page:
1
2
3
4
5
...
142
►