postnuke software vulnerabilities
vulnerabilities.aspcode.net
Searching postnuke software vulnerabilities
SQL injection vulnerability in article.php in P
vulnerability
|
articlephp
|
injection
|
PostNuke
|
SQL
|
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
Cross-site scripting (XSS) vulnerability in use
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
Cross-site scripting vulnerability in PHPWiki P
vulnerability
|
Cross-site
|
parameter
|
attackers
|
scripting
|
pagename
|
Postnuke
|
execute
|
PHPWiki
|
script
|
module
|
allows
|
remote
|
users
|
other
|
wiki
|
via
|
Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter.
Cross-site scripting (XSS) vulnerability in Pos
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.
PHP file inclusion vulnerability in user.php in
vulnerability
|
inclusion
|
PostNuke
|
userphp
|
file
|
PHP
|
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
Multiple SQL injection vulnerabilities in index
vulnerabilities
|
injection
|
attackers
|
arbitrary
|
Postnuke
|
Subjects
|
Multiple
|
commands
|
indexphp
|
execute
|
module
|
remote
|
allow
|
via
|
SQL
|
Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters.
Directory traversal vulnerability in EasyWeb Fi
vulnerability
|
FileManager
|
attackers
|
arbitrary
|
Directory
|
traversal
|
retrieve
|
PostNuke
|
EasyWeb
|
allows
|
remote
|
files
|
RC-1
|
via
|
Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter.
SQL injection vulnerability in dl-search.php in
vulnerability
|
dl-searchphp
|
injection
|
PostNuke
|
SQL
|
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.
Multiple unknown vulnerabilities in the Blocks
vulnerabilities
|
AutoTheme
|
Multiple
|
PostNuke
|
AT-Lite
|
Spidean
|
unknown
|
impact
|
module
|
Blocks
|
have
|
Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown impact.
Directory traversal vulnerability in pnadminapi
administrators
|
pnadminapiphp
|
vulnerability
|
Directory
|
arbitrary
|
traversal
|
0760-RC3
|
PostNuke
|
Xanthia
|
module
|
allows
|
remote
|
files
|
read
|
via
|
Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.
SQL injection vulnerability in pnadmin.php in t
administrators
|
vulnerability
|
pnadminphp
|
arbitrary
|
parameter
|
injection
|
commands
|
0760-RC3
|
PostNuke
|
execute
|
Xanthia
|
riga[0]
|
module
|
allows
|
remote
|
SQL
|
via
|
SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.
SQL injection vulnerability in readpmsg.php in
vulnerability
|
readpmsgphp
|
injection
|
PostNuke
|
SQL
|
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.
Cross-site scripting (XSS) vulnerability in rea
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.
User.php in Gallery, as used in Postnuke, allow
privileges
|
galleries
|
Postnuke
|
Gallery
|
Userphp
|
access
|
allows
|
Admin
|
users
|
used
|
gain
|
all
|
any
|
User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.
SQL injection vulnerability in modules/Download
modules/Downloads/adminphp
|
vulnerability
|
injection
|
PostNuke
|
section
|
Admin
|
SQL
|
SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.
SQL injection vulnerability in the Downloads mo
viewdownloaddetails
|
vulnerability
|
arbitrary
|
attackers
|
parameter
|
injection
|
Downloads
|
operation
|
commands
|
versions
|
PostNuke
|
unknown
|
execute
|
module
|
allows
|
remote
|
SQL
|
via
|
lid
|
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
Unspecified vulnerability in the rating section
vulnerability
|
Unspecified
|
PostNuke
|
section
|
rating
|
Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."
SQL injection vulnerability in index.php in the
vulnerability
|
pnFlashGames
|
parameter
|
arbitrary
|
injection
|
attackers
|
PostNuke
|
indexphp
|
commands
|
execute
|
module
|
allows
|
remote
|
SQL
|
cid
|
via
|
SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
SQL injection vulnerability in index.php in the
vulnerability
|
attackers
|
arbitrary
|
injection
|
parameter
|
PostNuke
|
commands
|
PNphpBB2
|
indexphp
|
execute
|
earlier
|
allows
|
module
|
remote
|
SQL
|
via
|
12i
|
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.
SQL injection vulnerability in viewforum.php in
vulnerability
|
viewforumphp
|
attackers
|
arbitrary
|
injection
|
parameter
|
Postnuke
|
PNphpBB2
|
commands
|
earlier
|
execute
|
allows
|
remote
|
order
|
SQL
|
12i
|
via
|
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.
Software vulnerabilities results 1 to 20 of 47
Page:
1
2
3
►