Page 6 of 56 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000. • https://www.exploit-db.com/exploits/24190 http://marc.info/?l=bugtraq&m=111263454308478&w=2 http://www.securityreason.com/adv/PHPNuke%206.x-7.6-p1.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/19952 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke 6.x hasta la versión 7.6 permite a atacantes remotos obtener información sensible a través de una petición directa a (1) index.php con el parámetro forum_admin establecido, (2) el módulo Surveys o (3) el módulo Your_Account, lo que revela la ruta en un mensaje de error PHP. • http://marc.info/?l=bugtraq&m=111272010303144&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. • https://www.exploit-db.com/exploits/25341 http://marc.info/?l=bugtraq&m=111272010303144&w=2 http://www.securityfocus.com/archive/1/321324 http://www.securityfocus.com/bid/7570 https://exchange.xforce.ibmcloud.com/vulnerabilities/11994 •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 2

SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. • https://www.exploit-db.com/exploits/921 http://marc.info/?l=bugtraq&m=111281649616901&w=2 http://www.waraxe.us/advisory-41.html •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. • http://www.securityfocus.com/bid/12561 http://www.waraxe.us/advisory-40.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19346 •