CVE-2005-0434
https://notcve.org/view.php?id=CVE-2005-0434
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. • http://www.securityfocus.com/bid/12561 http://www.waraxe.us/advisory-40.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19346 •
CVE-2005-0433
https://notcve.org/view.php?id=CVE-2005-0433
Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. • http://www.securityfocus.com/bid/12561 http://www.waraxe.us/advisory-40.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19344 •
CVE-2004-2295 – PHP-Nuke 6.x/7.x Reviews Module - 'order' SQL Injection
https://notcve.org/view.php?id=CVE-2004-2295
SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. • https://www.exploit-db.com/exploits/24192 http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html http://secunia.com/advisories/11852 http://www.osvdb.org/7000 http://www.securityfocus.com/archive/1/365865 http://www.securityfocus.com/bid/10524 https://exchange.xforce.ibmcloud.com/vulnerabilities/16407 •
CVE-2004-2297 – PHP-Nuke 6.x/7.x - Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-2297
The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter. • https://www.exploit-db.com/exploits/24193 http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html http://secunia.com/advisories/11852 http://www.osvdb.org/7002 http://www.osvdb.org/7003 http://www.securityfocus.com/archive/1/365865 http://www.securityfocus.com/bid/10524 https://exchange.xforce.ibmcloud.com/vulnerabilities/16409 •
CVE-2004-1842 – PHP-Nuke 6.x/7.0/7.1 - Image Tag Admin Command Execution
https://notcve.org/view.php?id=CVE-2004-1842
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. • https://www.exploit-db.com/exploits/23835 http://marc.info/?l=bugtraq&m=108006309112075&w=2 http://secunia.com/advisories/11195 http://www.securityfocus.com/bid/9895 https://exchange.xforce.ibmcloud.com/vulnerabilities/15596 • CWE-352: Cross-Site Request Forgery (CSRF) •