CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1028
https://notcve.org/view.php?id=CVE-2005-1028
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke 6.x hasta la versión 7.6 permite a atacantes remotos obtener información sensible a través de una petición directa a (1) index.php con el parámetro forum_admin establecido, (2) el módulo Surveys o (3) el módulo Your_Account, lo que revela la ruta en un mensaje de error PHP. • http://marc.info/?l=bugtraq&m=111272010303144&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2005-1001
https://notcve.org/view.php?id=CVE-2005-1001
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message. • http://archives.neohapsis.com/archives/bugtraq/2005-04/0037.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19953 •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 2CVE-2005-0999 – PHP-Nuke 6.x < 7.6 Top module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-0999
SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. • https://www.exploit-db.com/exploits/921 http://marc.info/?l=bugtraq&m=111281649616901&w=2 http://www.waraxe.us/advisory-41.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 5CVE-2005-1000 – PHP-Nuke 6.x/7.x Your_Account Module - 'Username' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1000
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module. • https://www.exploit-db.com/exploits/25339 https://www.exploit-db.com/exploits/25340 https://www.exploit-db.com/exploits/25343 https://www.exploit-db.com/exploits/25342 http://archives.neohapsis.com/archives/bugtraq/2005-04/0037.html http://marc.info/?l=bugtraq&m=111263454308478&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19952 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0998
https://notcve.org/view.php?id=CVE-2005-0998
The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. • http://marc.info/?l=bugtraq&m=111289685724764&w=2 •