Page 70 of 372 results (0.011 seconds)

CVSS: 2.6EPSS: 2%CPEs: 1EXPL: 5

CVE-2005-1049 – PostNuke Phoenix 0.760 RC3 - 'Module' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2005-1049

Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled. • https://www.exploit-db.com/exploits/25367 https://www.exploit-db.com/exploits/25366 http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18&r2=1.19 http://digitalparadox.org/advisories/postnuke.txt http://marc.info/?l=bugtraq&m=111298226029957&w=2 http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2679 http://secunia.com/advisories/14868 http://securitytracker.com/id?1013670 http://www.osvdb.org/15370& •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-0615

https://notcve.org/view.php?id=CVE-2005-0615

Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. • http://marc.info/?l=bugtraq&m=110962819232255&w=2 http://news.postnuke.com/Article2669.html http://securitytracker.com/id?1013324 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2005-0617

https://notcve.org/view.php?id=CVE-2005-0617

SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. • http://marc.info/?l=bugtraq&m=110962710805864&w=2 http://news.postnuke.com/Article2669.html http://securitytracker.com/id?1013324 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2005-0616

https://notcve.org/view.php?id=CVE-2005-0616

Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables. • http://marc.info/?l=bugtraq&m=110962768300373&w=2 http://news.postnuke.com/Article2669.html http://securitytracker.com/id?1013324 •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

CVE-2004-2479

https://notcve.org/view.php?id=CVE-2004-2479

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages. • http://fedoranews.org/updates/FEDORA--.shtml http://secunia.com/advisories/13408 http://secunia.com/advisories/16977 http://securitytracker.com/id?1012466 http://www.osvdb.org/12282 http://www.redhat.com/support/errata/RHSA-2005-766.html http://www.securityfocus.com/bid/11865 http://www.squid-cache.org/bugs/show_bug.cgi?id=1143 https://exchange.xforce.ibmcloud.com/vulnerabilities/18406 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9711 •