Page 13 of 86 results (0.002 seconds)

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. • https://www.exploit-db.com/exploits/23844 http://marc.info/?l=bugtraq&m=107963064317560&w=2 http://secunia.com/advisories/11164 http://www.osvdb.org/4386 http://www.securityfocus.com/bid/9911 https://exchange.xforce.ibmcloud.com/vulnerabilities/15524 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. • https://www.exploit-db.com/exploits/23814 http://marc.info/?l=bugtraq&m=107937752811633&w=2 http://secunia.com/advisories/11135 http://www.securityfocus.com/bid/9879 https://exchange.xforce.ibmcloud.com/vulnerabilities/15491 •

CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 3

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. • https://www.exploit-db.com/exploits/22598 http://www.securityfocus.com/archive/1/321313 http://www.securityfocus.com/bid/7589 https://exchange.xforce.ibmcloud.com/vulnerabilities/12436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. • http://www.securityfocus.com/archive/1/341743 http://www.securityfocus.com/bid/8848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. • http://secunia.com/advisories/8478 http://securityreason.com/securityalert/3718 http://www.securityfocus.com/archive/1/316925/30/25250/threaded http://www.securityfocus.com/archive/1/317230/30/25220/threaded http://www.securityfocus.com/bid/7248 https://exchange.xforce.ibmcloud.com/vulnerabilities/11675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •