CVE-2004-1830 – PHP-Nuke Error Manager Module 2.1 - 'error.php?language' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2004-1830
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. • https://www.exploit-db.com/exploits/23844 http://marc.info/?l=bugtraq&m=107963064317560&w=2 http://secunia.com/advisories/11164 http://www.osvdb.org/4386 http://www.securityfocus.com/bid/9911 https://exchange.xforce.ibmcloud.com/vulnerabilities/15524 •
CVE-2004-0269 – PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection
https://notcve.org/view.php?id=CVE-2004-0269
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. Vulnerabilidad de inyección de SQL en PHP-Nuke 6.9 y anteriores, y posiblemente 6.x, permite a atacantes remotos inyectar código SQL de su elección y obtener información sensible mediante (1) la variable category en el módulo Search. o (2) la variable admin en el módulo Web_Links. • https://www.exploit-db.com/exploits/22589 https://www.exploit-db.com/exploits/23680 http://marc.info/?l=bugtraq&m=107643348117646&w=2 http://www.scan-associates.net/papers/phpnuke69.txt http://www.securityfocus.com/bid/9630 https://exchange.xforce.ibmcloud.com/vulnerabilities/15115 •
CVE-2004-0265 – PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0265
Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php de Php-Nuke 6.x- 7.1.0 permite a atacantes remotos ejecutar scripts de su elección como otros usuarios mediante parámetros (1) título o (2) fname codifacidos en URL en los módulos News o Reviews. • https://www.exploit-db.com/exploits/23669 http://marc.info/?l=bugtraq&m=107634727520936&w=2 http://www.securityfocus.com/bid/9605 http://www.securityfocus.com/bid/9613 https://exchange.xforce.ibmcloud.com/vulnerabilities/15076 •
CVE-2003-1468 – PHP-Nuke 6.0/6.5 Web_Links Module - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2003-1468
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. • https://www.exploit-db.com/exploits/22598 http://www.securityfocus.com/archive/1/321313 http://www.securityfocus.com/bid/7589 https://exchange.xforce.ibmcloud.com/vulnerabilities/12436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2003-1547
https://notcve.org/view.php?id=CVE-2003-1547
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. • http://secunia.com/advisories/8478 http://securityreason.com/securityalert/3718 http://www.securityfocus.com/archive/1/316925/30/25250/threaded http://www.securityfocus.com/archive/1/317230/30/25220/threaded http://www.securityfocus.com/bid/7248 https://exchange.xforce.ibmcloud.com/vulnerabilities/11675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •