CVE-2006-5720 – PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5720
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. Vulnerabilidad de inyección SQL en modules/journal/search.php en el módulo Journal en Francisco Burzi PHP-Nuke 7.9 y anteriores, permite a un atacante remoto ejecutar comandos SQL de su elección a través de un parámetro forwhat. • https://www.exploit-db.com/exploits/28885 http://secunia.com/advisories/22617 http://securityreason.com/securityalert/1812 http://www.neosecurityteam.net/index.php?action=advisories&id=29 http://www.securityfocus.com/archive/1/450183/100/0/threaded http://www.securityfocus.com/bid/20829 http://www.vupen.com/english/advisories/2006/4295 https://exchange.xforce.ibmcloud.com/vulnerabilities/29940 •
CVE-2006-5525 – PHP-Nuke 7.9 - 'Encyclopedia' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5525
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. Vulnerabilidad de lista negra incompleta en mainfile.php en PHP-Nuke 7.9 y anteriores permite a un atacante remoto llevar a cabo un ataque de inyección SQL a través de las secuencias (1) "/**/UNION " o (2) " UNION/**/", lo cual no es aceptado por los mecanismos de protección, como se demostró por la inyección SQL a través del parámetro eid en una acción de búsqueda en el módulo Encyclopedia en modules.php. • https://www.exploit-db.com/exploits/2617 http://secunia.com/advisories/22511 http://www.neosecurityteam.net/index.php?action=advisories&id=27 http://www.securityfocus.com/bid/20674 http://www.vupen.com/english/advisories/2006/4149 https://exchange.xforce.ibmcloud.com/vulnerabilities/29705 •
CVE-2005-3016
https://notcve.org/view.php?id=CVE-2005-3016
Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. • http://secunia.com/advisories/16843 http://www.phpnuke.org/modules.php?name=News&file=article&sid=7435 •
CVE-2005-1180
https://notcve.org/view.php?id=CVE-2005-1180
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. • http://marc.info/?l=bugtraq&m=111359804013536&w=2 http://secunia.com/advisories/14965 http://www.digitalparadox.org/advisories/pnuke.txt http://www.osvdb.org/15647 https://exchange.xforce.ibmcloud.com/vulnerabilities/20116 •
CVE-2004-2044 – PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass
https://notcve.org/view.php?id=CVE-2004-2044
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. • https://www.exploit-db.com/exploits/24166 http://archives.neohapsis.com/archives/bugtraq/2004-06/0005.html http://archives.neohapsis.com/archives/bugtraq/2004-06/0006.html http://marc.info/?l=bugtraq&m=108611606320559&w=2 http://marc.info/?l=bugtraq&m=108611643614881&w=2 http://marc.info/?l=bugtraq&m=108662955105757&w=2 http://secunia.com/advisories/11766 http://www.osvdb.org/6593 http://www.securityfocus.com/bid/10447 https://exchange.xforce.ibmcloud.com/vulnerabi •