CVSS: 5.0EPSS: 1%CPEs: 11EXPL: 4CVE-2004-1986 – Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2004-1986
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. • https://www.exploit-db.com/exploits/24073 http://marc.info/?l=bugtraq&m=108360247732014&w=2 http://secunia.com/advisories/11524 http://securitytracker.com/id?1010001 http://www.osvdb.org/5758 http://www.securityfocus.com/bid/10253 http://www.waraxe.us/index.php?modname=sa&id=26 https://exchange.xforce.ibmcloud.com/vulnerabilities/16042 •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1CVE-2004-1840
https://notcve.org/view.php?id=CVE-2004-1840
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. • http://marc.info/?l=bugtraq&m=108006319730976&w=2 http://www.securityfocus.com/bid/9947 https://exchange.xforce.ibmcloud.com/vulnerabilities/15575 •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2004-1839
https://notcve.org/view.php?id=CVE-2004-1839
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108006319730976&w=2 http://www.securityfocus.com/bid/9946 •
CVSS: 6.8EPSS: 1%CPEs: 13EXPL: 3CVE-2004-0265 – PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0265
Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php de Php-Nuke 6.x- 7.1.0 permite a atacantes remotos ejecutar scripts de su elección como otros usuarios mediante parámetros (1) título o (2) fname codifacidos en URL en los módulos News o Reviews. • https://www.exploit-db.com/exploits/23669 http://marc.info/?l=bugtraq&m=107634727520936&w=2 http://www.securityfocus.com/bid/9605 http://www.securityfocus.com/bid/9613 https://exchange.xforce.ibmcloud.com/vulnerabilities/15076 •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 2CVE-2004-0266 – PHP-Nuke 6.x/7.x - Public Message SQL Injection
https://notcve.org/view.php?id=CVE-2004-0266
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. Vulnerabilidad de inyección de SQL en la capacidad "mensaje público" (public_message) de php-nuke 6.x a 7.1.0 permite a atacantes remotos obtener la contraseña de administrador mediante el parámetro cmid. • https://www.exploit-db.com/exploits/23670 http://marc.info/?l=bugtraq&m=107635110327066&w=2 http://www.securityfocus.com/bid/9615 https://exchange.xforce.ibmcloud.com/vulnerabilities/15080 •