CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3584 – PNPHPBB2 < 1.2i - 'viewforum.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3584
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. Vulnerabilidad de inyección SQL en viewforum.php de PHphpBB2 1.2i y anteriores para Postnuke permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro order. • https://www.exploit-db.com/exploits/4147 http://osvdb.org/45777 https://exchange.xforce.ibmcloud.com/vulnerabilities/35256 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3052 – PNPHPBB2 < 1.2 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3052
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter. Vulnerabilidad de inyección SQL en index.php en el módulo PNphpBB2 1.2i y anteriores para PostNuke permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro c. • https://www.exploit-db.com/exploits/4026 http://osvdb.org/35424 http://secunia.com/advisories/25480 http://www.securityfocus.com/bid/24295 http://www.vupen.com/english/advisories/2007/2037 https://exchange.xforce.ibmcloud.com/vulnerabilities/34668 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2007-2492 – PostNuke Module v4bJournal - SQL Injection
https://notcve.org/view.php?id=CVE-2007-2492
SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action. Vulnerabilidad de inyección SQL en index.php en el módulo v4bJournal para PostNuke, permite a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante el parámetro id en una acción journal_comment. • https://www.exploit-db.com/exploits/3835 http://osvdb.org/35703 http://securityreason.com/securityalert/2674 http://www.securityfocus.com/archive/1/467387/100/0/threaded http://www.securityfocus.com/bid/23777 http://www.vupen.com/english/advisories/2007/1632 https://exchange.xforce.ibmcloud.com/vulnerabilities/34024 •
CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2CVE-2007-1158 – Pagesetter 6.2/6.3.0 - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-1158
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. Vulnerabilidad de escalado de directorio en index.php del módulo Pagesetter 6.2.0 hasta el 6.3.0 beta 5 para el PostNuke permite a atacantes remotos leer ficheros de su elección mediante un .. (punto punto) en el parámetro id. • https://www.exploit-db.com/exploits/29681 http://marc.info/?l=full-disclosure&m=117251821622820&w=2 http://marc.info/?l=full-disclosure&m=117256698219502&w=2 http://osvdb.org/33781 http://secunia.com/advisories/24299 http://securityreason.com/securityalert/2336 http://www.elfisk.dk/index.php?module=pagesetter&func=viewpub&tid=7&pid=125 http://www.securityfocus.com/archive/1/461339/100/0/threaded http://www.securityfocus.com/bid/22733 http://www.vupen.com/english/a •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-0385
https://notcve.org/view.php?id=CVE-2007-0385
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable. La sección faq en Postnuke 0.764 permite a atacantes remotos obtener información sensible (la ruta completa) a través "salidas no validas) en FAQ/index.php, posiblemente afectando a la variable no definida id_cat. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke&r1=20350&r2=20911 http://osvdb.org/35472 http://www.hackers.ir/advisories/festival.txt •