CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0617
https://notcve.org/view.php?id=CVE-2005-0617
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. • http://marc.info/?l=bugtraq&m=110962710805864&w=2 http://news.postnuke.com/Article2669.html http://securitytracker.com/id?1013324 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2004-1949
https://notcve.org/view.php?id=CVE-2004-1949
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html http://marc.info/?l=bugtraq&m=108256503718978&w=2 http://news.postnuke.com/Article2580.html http://secunia.com/advisories/11386 http://securitytracker.com/id?1009801 http://www.osvdb.org/5368 http://www.osvdb.org/5369 http://www.securityfocus.com/bid/10146 https://exchange.xforce.ibmcloud.com/vulnerabilities/15869 https://exchange.xforce.ibmcloud.com/vulnerabilities/15875 •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2004-2751
https://notcve.org/view.php?id=CVE-2004-2751
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html http://community.postnuke.com/Article2535.htm http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html http://securitytracker.com/id?1008629 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html http://www.gulftech.org/01032004.php http://www.osvdb.org/3334 https://exchange.xforce.ibmcloud.com/vulnerabilities/11500 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2752
https://notcve.org/view.php?id=CVE-2004-2752
Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. • http://securitytracker.com/id?1008629 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html http://www.gulftech.org/01032004.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2004-1956
https://notcve.org/view.php?id=CVE-2004-1956
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. • http://marc.info/?l=bugtraq&m=108258902000472&w=2 http://www.securityfocus.com/bid/10191 http://www.waraxe.us/index.php?modname=sa&id=22 https://exchange.xforce.ibmcloud.com/vulnerabilities/15933 •