CVE-2004-2354
https://notcve.org/view.php?id=CVE-2004-2354
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered. • http://archives.neohapsis.com/archives/bugtraq/2004-03/0139.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15478 •
CVE-2004-2294 – PHP-Nuke 6.x/7.x Reviews Module - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-2294
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. • https://www.exploit-db.com/exploits/24194 http://secunia.com/advisories/11852 http://www.osvdb.org/6999 http://www.securityfocus.com/archive/1/365865 http://www.securityfocus.com/bid/10524 •
CVE-2004-0737
https://notcve.org/view.php?id=CVE-2004-0737
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php del módulo Busqueda de Php-Nuke permite a atacantes remotos inyectar script web o HTML de su elección mdiante los parámetros (1) sid, (2) max, (3) sel1, (4) sel2, (5)sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, o (11) mod3 . • http://marc.info/?l=bugtraq&m=109026609504767&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16721 •
CVE-2004-0738
https://notcve.org/view.php?id=CVE-2004-0738
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. Multiples vulnerabilidades de inyección de SQL en el módulo Busqueda de Php-Nuke permiten a atacantes remotos ejecutar SQL arbitrario mediante los parámetros (1) min o (2) categ. • http://marc.info/?l=bugtraq&m=109026609504767&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16737 •
CVE-2004-0731
https://notcve.org/view.php?id=CVE-2004-0731
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php del módulo de búsqueda de Php-Nuke permite a atacantes remotos inyectar script de su elección como otros usuarios mediante el campo entrada. • http://marc.info/?l=bugtraq&m=109002107329823&w=2 http://www.waraxe.us/index.php?modname=sa&id=35 https://exchange.xforce.ibmcloud.com/vulnerabilities/16721 •