CVE-2004-1929 – PHP-Nuke 6.x/7.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-1929
SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. • https://www.exploit-db.com/exploits/23998 http://marc.info/?l=bugtraq&m=108180111826852&w=2 http://secunia.com/advisories/11347 http://www.securityfocus.com/bid/10135 http://www.waraxe.us/index.php?modname=sa&id=17 https://exchange.xforce.ibmcloud.com/vulnerabilities/15839 •
CVE-2004-1930 – PHP-Nuke 6.x/7.x - CookieDecode Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1930
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. • https://www.exploit-db.com/exploits/23990 http://marc.info/?l=bugtraq&m=108182759214035&w=2 http://secunia.com/advisories/11347 http://www.securityfocus.com/bid/10128 http://www.waraxe.us/index.php?modname=sa&id=16 https://exchange.xforce.ibmcloud.com/vulnerabilities/15842 •
CVE-2004-1932 – PHP-Nuke - SQL Injection Edit/Save Messages
https://notcve.org/view.php?id=CVE-2004-1932
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. • https://www.exploit-db.com/exploits/465 http://marc.info/?l=bugtraq&m=108180334918576&w=2 http://www.waraxe.us/index.php?modname=sa&id=18 https://exchange.xforce.ibmcloud.com/vulnerabilities/15835 •
CVE-2004-1986 – Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2004-1986
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. • https://www.exploit-db.com/exploits/24073 http://marc.info/?l=bugtraq&m=108360247732014&w=2 http://secunia.com/advisories/11524 http://securitytracker.com/id?1010001 http://www.osvdb.org/5758 http://www.securityfocus.com/bid/10253 http://www.waraxe.us/index.php?modname=sa&id=26 https://exchange.xforce.ibmcloud.com/vulnerabilities/16042 •
CVE-2004-1839
https://notcve.org/view.php?id=CVE-2004-1839
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108006319730976&w=2 http://www.securityfocus.com/bid/9946 •