CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 5CVE-2004-1912 – NukeCalendar 1.1.a - 'block-calendar.php' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2004-1912
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. • https://www.exploit-db.com/exploits/23929 https://www.exploit-db.com/exploits/23930 https://www.exploit-db.com/exploits/23931 https://www.exploit-db.com/exploits/23928 http://marc.info/?l=bugtraq&m=108144168932458&w=2 http://www.securityfocus.com/bid/10082 https://exchange.xforce.ibmcloud.com/vulnerabilities/15795 •
CVSS: 7.5EPSS: 8%CPEs: 15EXPL: 4CVE-2004-2018 – PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion
https://notcve.org/view.php?id=CVE-2004-2018
PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24127 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0870.html http://marc.info/?l=bugtraq&m=108482888621896&w=2 http://secunia.com/advisories/11625 http://www.osvdb.org/6222 http://www.securityfocus.com/bid/10365 http://www.waraxe.us/index.php?modname=sa&id=29 https://exchange.xforce.ibmcloud.com/vulnerabilities/16218 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0736
https://notcve.org/view.php?id=CVE-2004-0736
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message. El módulo de búsqueda en Php-Nuke permite a atacantes remotos obtener información sensible mediante patrones de búsqueda (1) "**" o "+", que revelan la ruta en el mensaje de error. • http://marc.info/?l=bugtraq&m=109026609504767&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16736 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0737
https://notcve.org/view.php?id=CVE-2004-0737
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php del módulo Busqueda de Php-Nuke permite a atacantes remotos inyectar script web o HTML de su elección mdiante los parámetros (1) sid, (2) max, (3) sel1, (4) sel2, (5)sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, o (11) mod3 . • http://marc.info/?l=bugtraq&m=109026609504767&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16721 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2004-0731
https://notcve.org/view.php?id=CVE-2004-0731
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php del módulo de búsqueda de Php-Nuke permite a atacantes remotos inyectar script de su elección como otros usuarios mediante el campo entrada. • http://marc.info/?l=bugtraq&m=109002107329823&w=2 http://www.waraxe.us/index.php?modname=sa&id=35 https://exchange.xforce.ibmcloud.com/vulnerabilities/16721 •