CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1694
https://notcve.org/view.php?id=CVE-2005-1694
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter. • http://marc.info/?l=bugtraq&m=111670823128472&w=2 http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1700
https://notcve.org/view.php?id=CVE-2005-1700
SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter. • http://marc.info/?l=bugtraq&m=111670586322172&w=2 •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2005-1696
https://notcve.org/view.php?id=CVE-2005-1696
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module. • http://marc.info/?l=bugtraq&m=111670506926649&w=2 http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2005-1621
https://notcve.org/view.php?id=CVE-2005-1621
Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php. • http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47&r2=1.48 http://marc.info/?l=bugtraq&m=111627124301526&w=2 http://news.postnuke.com/Article2690.html http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 http://www.vupen.com/english/advisories/2005/0553 •
CVSS: 2.6EPSS: 2%CPEs: 1EXPL: 5CVE-2005-1049 – PostNuke Phoenix 0.760 RC3 - 'Module' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1049
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled. • https://www.exploit-db.com/exploits/25367 https://www.exploit-db.com/exploits/25366 http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18&r2=1.19 http://digitalparadox.org/advisories/postnuke.txt http://marc.info/?l=bugtraq&m=111298226029957&w=2 http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2679 http://secunia.com/advisories/14868 http://securitytracker.com/id?1013670 http://www.osvdb.org/15370& •