CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1699
https://notcve.org/view.php?id=CVE-2005-1699
24 May 2005 — Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter. • http://marc.info/?l=bugtraq&m=111670586322172&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1700
https://notcve.org/view.php?id=CVE-2005-1700
24 May 2005 — SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter. • http://marc.info/?l=bugtraq&m=111670586322172&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2005-1621
https://notcve.org/view.php?id=CVE-2005-1621
16 May 2005 — Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php. • http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47&r2=1.48 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1048
https://notcve.org/view.php?id=CVE-2005-1048
12 Apr 2005 — SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750. • http://digitalparadox.org/advisories/postnuke.txt •
CVSS: 6.1EPSS: 13%CPEs: 1EXPL: 5CVE-2005-1049 – PostNuke Phoenix 0.760 RC3 - 'Module' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1049
12 Apr 2005 — Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled. • https://www.exploit-db.com/exploits/25367 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1050
https://notcve.org/view.php?id=CVE-2005-1050
12 Apr 2005 — The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. • http://digitalparadox.org/advisories/postnuke.txt •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0615
https://notcve.org/view.php?id=CVE-2005-0615
02 Mar 2005 — Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. • http://marc.info/?l=bugtraq&m=110962819232255&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0617
https://notcve.org/view.php?id=CVE-2005-0617
02 Mar 2005 — SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. • http://marc.info/?l=bugtraq&m=110962710805864&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0616
https://notcve.org/view.php?id=CVE-2005-0616
28 Feb 2005 — Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables. • http://marc.info/?l=bugtraq&m=110962768300373&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2004-2751
https://notcve.org/view.php?id=CVE-2004-2751
31 Dec 2004 — SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •