CVSS: 5.0 • EPSS: 0% • CPEs: 16 • EXPL: 1

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. • http://www.securityfocus.com/bid/12561 http://www.waraxe.us/advisory-40.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19344

CVSS: 4.3 • EPSS: 1% • CPEs: 15 • EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. • http://marc.info/?l=bugtraq&m=108482957715299&w=2 http://secunia.com/advisories/11625 http://www.osvdb.org/6225 http://www.osvdb.org/6226 http://www.securityfocus.com/bid/10367 http://www.waraxe.us/index.php?modname=sa&id=29 https://exchange.xforce.ibmcloud.com/vulnerabilities/16172

CVSS: 5.0 • EPSS: 17% • CPEs: 15 • EXPL: 4

The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter. • https://www.exploit-db.com/exploits/24193 http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html http://secunia.com/advisories/11852 http://www.osvdb.org/7002 http://www.osvdb.org/7003 http://www.securityfocus.com/archive/1/365865 http://www.securityfocus.com/bid/10524 https://exchange.xforce.ibmcloud.com/vulnerabilities/16409

CVSS: 5.0 • EPSS: 0% • CPEs: 15 • EXPL: 3

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108482957715299&w=2 http://secunia.com/advisories/11625 http://www.securityfocus.com/bid/10367 http://www.waraxe.us/index.php?modname=sa&id=29 https://exchange.xforce.ibmcloud.com/vulnerabilities/16170

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. • https://www.exploit-db.com/exploits/23835 http://marc.info/?l=bugtraq&m=108006309112075&w=2 http://secunia.com/advisories/11195 http://www.securityfocus.com/bid/9895 https://exchange.xforce.ibmcloud.com/vulnerabilities/15596 • CWE-352: Cross-Site Request Forgery (CSRF)