CVE-2004-1830 – PHP-Nuke Error Manager Module 2.1 - 'error.php?language' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2004-1830
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. • https://www.exploit-db.com/exploits/23844 http://marc.info/?l=bugtraq&m=107963064317560&w=2 http://secunia.com/advisories/11164 http://www.osvdb.org/4386 http://www.securityfocus.com/bid/9911 https://exchange.xforce.ibmcloud.com/vulnerabilities/15524 •
CVE-2004-0269 – PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection
https://notcve.org/view.php?id=CVE-2004-0269
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. Vulnerabilidad de inyección de SQL en PHP-Nuke 6.9 y anteriores, y posiblemente 6.x, permite a atacantes remotos inyectar código SQL de su elección y obtener información sensible mediante (1) la variable category en el módulo Search. o (2) la variable admin en el módulo Web_Links. • https://www.exploit-db.com/exploits/22589 https://www.exploit-db.com/exploits/23680 http://marc.info/?l=bugtraq&m=107643348117646&w=2 http://www.scan-associates.net/papers/phpnuke69.txt http://www.securityfocus.com/bid/9630 https://exchange.xforce.ibmcloud.com/vulnerabilities/15115 •
CVE-2004-1817 – PHP-Nuke 7.1 Recommend_Us Module - 'fname' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1817
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. • https://www.exploit-db.com/exploits/23814 http://marc.info/?l=bugtraq&m=107937752811633&w=2 http://secunia.com/advisories/11135 http://www.securityfocus.com/bid/9879 https://exchange.xforce.ibmcloud.com/vulnerabilities/15491 •
CVE-2003-1435 – PHP-Nuke 5.6/6.0 - Search Engine SQL Injection
https://notcve.org/view.php?id=CVE-2003-1435
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. • https://www.exploit-db.com/exploits/22266 http://archives.neohapsis.com/archives/bugtraq/2003-02/0246.html http://www.securityfocus.com/bid/6887 https://exchange.xforce.ibmcloud.com/vulnerabilities/11375 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2003-1400 – PHP-Nuke 5.x/6.0 - Avatar HTML Injection
https://notcve.org/view.php?id=CVE-2003-1400
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. • https://www.exploit-db.com/exploits/22211 http://www.securityfocus.com/archive/1/309959 http://www.securityfocus.com/archive/1/310115 http://www.securityfocus.com/bid/6750 https://exchange.xforce.ibmcloud.com/vulnerabilities/11229 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •