CVE-2006-0802
https://notcve.org/view.php?id=CVE-2006-0802
Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. • http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html http://news.postnuke.com/index.php?name=News&file=article&sid=2754 http://secunia.com/advisories/18937 http://securityreason.com/securityalert/454 http://www.securityfocus.com/bid/16752 http://www.vupen.com/english/advisories/2006/0673 https://exchange.xforce.ibmcloud.com/vulnerabilities/24823 •
CVE-2004-2751
https://notcve.org/view.php?id=CVE-2004-2751
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html http://community.postnuke.com/Article2535.htm http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html http://securitytracker.com/id?1008629 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html http://www.gulftech.org/01032004.php http://www.osvdb.org/3334 https://exchange.xforce.ibmcloud.com/vulnerabilities/11500 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2003-1537
https://notcve.org/view.php?id=CVE-2003-1537
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •