Page 4 of 98 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 3

Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. • https://www.exploit-db.com/exploits/27208 http://secunia.com/advisories/18820 http://securityreason.com/securityalert/425 http://www.securityfocus.com/archive/1/424956/100/0/threaded http://www.securityfocus.com/bid/16608 http://www.vupen.com/english/advisories/2006/0542 http://www.waraxe.us/advisory-44.html https://exchange.xforce.ibmcloud.com/vulnerabilities/24650 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. • https://www.exploit-db.com/exploits/27058 http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html http://secunia.com/advisories/18394 http://www.osvdb.org/22316 http://www.securityfocus.com/bid/16186 http://www.vupen.com/english/advisories/2006/0120 https://exchange.xforce.ibmcloud.com/vulnerabilities/44978 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. • http://archives.neohapsis.com/archives/bugtraq/2005-09/0119.html http://archives.neohapsis.com/archives/bugtraq/2005-09/0167.html http://archives.neohapsis.com/archives/bugtraq/2005-09/0176.html http://archives.neohapsis.com/archives/bugtraq/2005-09/0226.html http://phpnuke.org/modules.php?name=News&file=article&sid=7434 http://secunia.com/advisories/16801 http://securityreason.com/securityalert/3 http://www.nukefixes.com/ftopict-1779-.html#7641 http://www.osvdb.org/19351 https: •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 2

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke. Conflicto de interpretación en includes/mainfile.php en PHP-Nuke 7.9 y anteriores permite a atacantes remotos realizar ataques de secuencias de comandos en sitios cruzados (XSS) reemplazando el ">" en una etiqueta con un "<" lo que evita las expresiones regulares que sanean los datos, pero es automáticamente corregido por muchos navegadores web. NOTA: podría ser argumentado que esto es debido a una limitación de diseño de muchos navegadores web; si es así, esto no debería ser tratado como una vulnerabilidad de PHP-Nuke. • https://www.exploit-db.com/exploits/26817 http://www.securityfocus.com/archive/1/419496/100/0/threaded http://www.securityfocus.com/archive/1/419991/100/0/threaded http://www.securityfocus.com/bid/15855 •

CVSS: 7.5EPSS: 94%CPEs: 7EXPL: 3

Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. Múltiples vulnerabilidades de inyección de SQL en el módulo de Busqueda de PHP-Nuke 7.8, y posiblemente otras versiones anteriores a 7.9 con el parche 3.1, permite a atacantes remotos ejecutar comandos SQL arbitrarios, como se ha demostrado mediante el parámetro "query" en un tipo 'stories'. • https://www.exploit-db.com/exploits/1326 http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0454.html http://marc.info/?l=bugtraq&m=113210758511323&w=2 http://secunia.com/advisories/17543 http://securityreason.com/achievement_exploitalert/5 http://securitytracker.com/id?1015215 http://securitytracker.com/id?1015651 http://www.osvdb.org/20866 http://www.securityfocus.com/archive/1/425508/100/0/threaded http://www.securityfocus.com/archive/1/425627/100/0/threaded http& •