CVE-2005-0433
https://notcve.org/view.php?id=CVE-2005-0433
Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. • http://www.securityfocus.com/bid/12561 http://www.waraxe.us/advisory-40.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19344 •
CVE-2004-2295 – PHP-Nuke 6.x/7.x Reviews Module - 'order' SQL Injection
https://notcve.org/view.php?id=CVE-2004-2295
SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. • https://www.exploit-db.com/exploits/24192 http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html http://secunia.com/advisories/11852 http://www.osvdb.org/7000 http://www.securityfocus.com/archive/1/365865 http://www.securityfocus.com/bid/10524 https://exchange.xforce.ibmcloud.com/vulnerabilities/16407 •
CVE-2004-2297 – PHP-Nuke 6.x/7.x - Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-2297
The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter. • https://www.exploit-db.com/exploits/24193 http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html http://secunia.com/advisories/11852 http://www.osvdb.org/7002 http://www.osvdb.org/7003 http://www.securityfocus.com/archive/1/365865 http://www.securityfocus.com/bid/10524 https://exchange.xforce.ibmcloud.com/vulnerabilities/16409 •
CVE-2004-2019
https://notcve.org/view.php?id=CVE-2004-2019
The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108482957715299&w=2 http://secunia.com/advisories/11625 http://www.securityfocus.com/bid/10367 http://www.waraxe.us/index.php?modname=sa&id=29 https://exchange.xforce.ibmcloud.com/vulnerabilities/16170 •
CVE-2004-2296
https://notcve.org/view.php?id=CVE-2004-2296
The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message. • http://secunia.com/advisories/11852 http://www.osvdb.org/7001 http://www.securityfocus.com/archive/1/365865 http://www.securityfocus.com/bid/10524 https://exchange.xforce.ibmcloud.com/vulnerabilities/16408 •