Page 4 of 97 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 1

Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. Múltiples vulnerabilidades de inyección SQL en las funciones (1) rate_article y (2) rate_complete en modules/News/index.php en el módulo News en Francisco Burzi PHP-Nuke 7.9 y anteriores, cuando magic_quotes_gpc está desactivado, permite a un atacante remoto ejecutar comandos SQL a través del parámetro sid. • http://secunia.com/advisories/23128 http://securityreason.com/securityalert/1935 http://securitytracker.com/id?1017282 http://www.neosecurityteam.net/index.php?action=advisories&id=30 http://www.securityfocus.com/archive/1/452553/100/0/threaded http://www.securityfocus.com/bid/21277 http://www.vupen.com/english/advisories/2006/4739 https://exchange.xforce.ibmcloud.com/vulnerabilities/30525 •

CVSS: 7.5EPSS: 6%CPEs: 10EXPL: 1

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. Vulnerabilidad de inyección SQL en modules/journal/search.php en el módulo Journal en Francisco Burzi PHP-Nuke 7.9 y anteriores, permite a un atacante remoto ejecutar comandos SQL de su elección a través de un parámetro forwhat. • https://www.exploit-db.com/exploits/28885 http://secunia.com/advisories/22617 http://securityreason.com/securityalert/1812 http://www.neosecurityteam.net/index.php?action=advisories&id=29 http://www.securityfocus.com/archive/1/450183/100/0/threaded http://www.securityfocus.com/bid/20829 http://www.vupen.com/english/advisories/2006/4295 https://exchange.xforce.ibmcloud.com/vulnerabilities/29940 •

CVSS: 5.1EPSS: 4%CPEs: 10EXPL: 2

Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. Vulnerabilidad de lista negra incompleta en mainfile.php en PHP-Nuke 7.9 y anteriores permite a un atacante remoto llevar a cabo un ataque de inyección SQL a través de las secuencias (1) "/**/UNION " o (2) " UNION/**/", lo cual no es aceptado por los mecanismos de protección, como se demostró por la inyección SQL a través del parámetro eid en una acción de búsqueda en el módulo Encyclopedia en modules.php. • https://www.exploit-db.com/exploits/2617 http://secunia.com/advisories/22511 http://www.neosecurityteam.net/index.php?action=advisories&id=27 http://www.securityfocus.com/bid/20674 http://www.vupen.com/english/advisories/2006/4149 https://exchange.xforce.ibmcloud.com/vulnerabilities/29705 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others. • http://secunia.com/advisories/18972 http://www.osvdb.org/23431 http://www.securityfocus.com/bid/16774 http://www.vupen.com/english/advisories/2006/0687 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/18972 http://www.osvdb.org/23432 http://www.securityfocus.com/bid/16774 http://www.vupen.com/english/advisories/2006/0687 https://exchange.xforce.ibmcloud.com/vulnerabilities/44730 •