CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0998
https://notcve.org/view.php?id=CVE-2005-0998
The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. • http://marc.info/?l=bugtraq&m=111289685724764&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2005-0997 – PHP-Nuke 7.6 Web_Links Module - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2005-0997
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function. • https://www.exploit-db.com/exploits/25360 http://marc.info/?l=bugtraq&m=111289685724764&w=2 •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 2CVE-2005-0434
https://notcve.org/view.php?id=CVE-2005-0434
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. • http://www.securityfocus.com/bid/12561 http://www.waraxe.us/advisory-40.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19346 •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 1CVE-2005-0433
https://notcve.org/view.php?id=CVE-2005-0433
Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. • http://www.securityfocus.com/bid/12561 http://www.waraxe.us/advisory-40.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19344 •
CVSS: 4.3EPSS: 1%CPEs: 15EXPL: 3CVE-2004-2020
https://notcve.org/view.php?id=CVE-2004-2020
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. • http://marc.info/?l=bugtraq&m=108482957715299&w=2 http://secunia.com/advisories/11625 http://www.osvdb.org/6225 http://www.osvdb.org/6226 http://www.securityfocus.com/bid/10367 http://www.waraxe.us/index.php?modname=sa&id=29 https://exchange.xforce.ibmcloud.com/vulnerabilities/16172 •