CVE-2004-1986 – Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2004-1986
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. • https://www.exploit-db.com/exploits/24073 http://marc.info/?l=bugtraq&m=108360247732014&w=2 http://secunia.com/advisories/11524 http://securitytracker.com/id?1010001 http://www.osvdb.org/5758 http://www.securityfocus.com/bid/10253 http://www.waraxe.us/index.php?modname=sa&id=26 https://exchange.xforce.ibmcloud.com/vulnerabilities/16042 •
CVE-2004-0269 – PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection
https://notcve.org/view.php?id=CVE-2004-0269
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. Vulnerabilidad de inyección de SQL en PHP-Nuke 6.9 y anteriores, y posiblemente 6.x, permite a atacantes remotos inyectar código SQL de su elección y obtener información sensible mediante (1) la variable category en el módulo Search. o (2) la variable admin en el módulo Web_Links. • https://www.exploit-db.com/exploits/22589 https://www.exploit-db.com/exploits/23680 http://marc.info/?l=bugtraq&m=107643348117646&w=2 http://www.scan-associates.net/papers/phpnuke69.txt http://www.securityfocus.com/bid/9630 https://exchange.xforce.ibmcloud.com/vulnerabilities/15115 •
CVE-2003-1210 – PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
https://notcve.org/view.php?id=CVE-2003-1210
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. • https://www.exploit-db.com/exploits/22597 http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html http://www.securityfocus.com/bid/7588 https://exchange.xforce.ibmcloud.com/vulnerabilities/11984 •
CVE-2003-0318
https://notcve.org/view.php?id=CVE-2003-0318
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en el módulo de estadísticas de PHP-Nuke 6.0 y anteriores permite que atacantes remotos inserten script web arbitrario mediante el parámetro year. • http://marc.info/?l=bugtraq&m=105319538308834&w=2 •
CVE-2002-2032 – PHP-Nuke 4.x/5.x - SQL_Debug Information Disclosure
https://notcve.org/view.php?id=CVE-2002-2032
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. • https://www.exploit-db.com/exploits/21233 http://www.securityfaq.com/unixfocus/5OP041P6BE.html http://www.securityfocus.com/bid/3906 •