CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0802
https://notcve.org/view.php?id=CVE-2006-0802
Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. • http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html http://news.postnuke.com/index.php?name=News&file=article&sid=2754 http://secunia.com/advisories/18937 http://securityreason.com/securityalert/454 http://www.securityfocus.com/bid/16752 http://www.vupen.com/english/advisories/2006/0673 https://exchange.xforce.ibmcloud.com/vulnerabilities/24823 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2004-1949
https://notcve.org/view.php?id=CVE-2004-1949
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html http://marc.info/?l=bugtraq&m=108256503718978&w=2 http://news.postnuke.com/Article2580.html http://secunia.com/advisories/11386 http://securitytracker.com/id?1009801 http://www.osvdb.org/5368 http://www.osvdb.org/5369 http://www.securityfocus.com/bid/10146 https://exchange.xforce.ibmcloud.com/vulnerabilities/15869 https://exchange.xforce.ibmcloud.com/vulnerabilities/15875 •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2004-2751
https://notcve.org/view.php?id=CVE-2004-2751
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html http://community.postnuke.com/Article2535.htm http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html http://securitytracker.com/id?1008629 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html http://www.gulftech.org/01032004.php http://www.osvdb.org/3334 https://exchange.xforce.ibmcloud.com/vulnerabilities/11500 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2752
https://notcve.org/view.php?id=CVE-2004-2752
Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. • http://securitytracker.com/id?1008629 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html http://www.gulftech.org/01032004.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2004-1956
https://notcve.org/view.php?id=CVE-2004-1956
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. • http://marc.info/?l=bugtraq&m=108258902000472&w=2 http://www.securityfocus.com/bid/10191 http://www.waraxe.us/index.php?modname=sa&id=22 https://exchange.xforce.ibmcloud.com/vulnerabilities/15933 •