
CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.

• http://community.postnuke.com/index.php?name=News&file=article&sid=2783
• http://secunia.com/advisories/22197
• http://securityreason.com/securityalert/1669
• http://www.securityfocus.com/archive/1/447361/100/0/threaded
• http://www.securityfocus.com/bid/20317
• http://www.vupen.com/english/advisories/2006/3886
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29271

CVSS: 7.5 | EPSS: 10% | CPEs: 1 | EXPL: 2

PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

• https://www.exploit-db.com/exploits/2390
• http://noc.postnuke.com/frs/download.php/1094/patch_1.2g-1.2i.diff.gz
• http://securitytracker.com/id?1016912
• http://www.securityfocus.com/archive/1/446267/100/0/threaded
• http://www.securityfocus.com/archive/1/446568/100/0/threaded
• http://www.securityfocus.com/archive/1/446617
• http://www.securityfocus.com/bid/20097
• http://www.vupen.com/english/advisories/2006/3671
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29014

CVSS: 2.6 | EPSS: 0% | CPEs: 19 | EXPL: 2

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.

• https://www.exploit-db.com/exploits/27254
• http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
• http://news.postnuke.com/index.php?name=News&file=article&sid=2754
• http://secunia.com/advisories/18937
• http://securityreason.com/securityalert/454
• http://www.securityfocus.com/bid/16752
• http://www.vupen.com/english/advisories/2006/0673
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24823
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.1 | EPSS: 2% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.

• https://www.exploit-db.com/exploits/27255
• http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
• http://news.postnuke.com/index.php?name=News&file=article&sid=2754
• http://secunia.com/advisories/18937
• http://securityreason.com/securityalert/454
• http://www.securityfocus.com/bid/16752
• http://www.vupen.com/english/advisories/2006/0673
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24827

CVSS: 2.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation.

• http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
• http://news.postnuke.com/index.php?name=News&file=article&sid=2754
• http://secunia.com/advisories/18937
• http://securityreason.com/securityalert/454
• http://www.securityfocus.com/bid/16752
• http://www.vupen.com/english/advisories/2006/0673
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24823