CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 2CVE-2005-0999 – PHP-Nuke 6.x < 7.6 Top module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-0999
07 Apr 2005 — SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. • https://www.exploit-db.com/exploits/921 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 5CVE-2005-1000 – PHP-Nuke 6.x/7.x Your_Account Module - 'Username' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1000
07 Apr 2005 — Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module. • https://www.exploit-db.com/exploits/25339 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2005-1001
https://notcve.org/view.php?id=CVE-2005-1001
07 Apr 2005 — PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message. • http://archives.neohapsis.com/archives/bugtraq/2005-04/0037.html •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 1CVE-2005-0433
https://notcve.org/view.php?id=CVE-2005-0433
15 Feb 2005 — Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. • http://www.securityfocus.com/bid/12561 •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 2CVE-2005-0434
https://notcve.org/view.php?id=CVE-2005-0434
15 Feb 2005 — Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. • http://www.securityfocus.com/bid/12561 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2004-1913 – NukeCalendar 1.1.a - 'eid' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1913
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. • https://www.exploit-db.com/exploits/23932 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 5CVE-2004-1912 – NukeCalendar 1.1.a - 'block-calendar.php' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2004-1912
31 Dec 2004 — The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. • https://www.exploit-db.com/exploits/23929 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2004-1914 – NukeCalendar 1.1.a - 'eid' SQL Injection
https://notcve.org/view.php?id=CVE-2004-1914
31 Dec 2004 — SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. • https://www.exploit-db.com/exploits/23933 •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 4CVE-2004-2018 – PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion
https://notcve.org/view.php?id=CVE-2004-2018
31 Dec 2004 — PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24127 •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 3CVE-2004-2019
https://notcve.org/view.php?id=CVE-2004-2019
31 Dec 2004 — The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108482957715299&w=2 •