CVSS: 4.3EPSS: 1%CPEs: 14EXPL: 3CVE-2004-1930 – PHP-Nuke 6.x/7.x - CookieDecode Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1930
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. • https://www.exploit-db.com/exploits/23990 http://marc.info/?l=bugtraq&m=108182759214035&w=2 http://secunia.com/advisories/11347 http://www.securityfocus.com/bid/10128 http://www.waraxe.us/index.php?modname=sa&id=16 https://exchange.xforce.ibmcloud.com/vulnerabilities/15842 •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1CVE-2004-1840
https://notcve.org/view.php?id=CVE-2004-1840
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. • http://marc.info/?l=bugtraq&m=108006319730976&w=2 http://www.securityfocus.com/bid/9947 https://exchange.xforce.ibmcloud.com/vulnerabilities/15575 •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2004-1839
https://notcve.org/view.php?id=CVE-2004-1839
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108006319730976&w=2 http://www.securityfocus.com/bid/9946 •
CVSS: 6.8EPSS: 1%CPEs: 13EXPL: 3CVE-2004-0265 – PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0265
Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php de Php-Nuke 6.x- 7.1.0 permite a atacantes remotos ejecutar scripts de su elección como otros usuarios mediante parámetros (1) título o (2) fname codifacidos en URL en los módulos News o Reviews. • https://www.exploit-db.com/exploits/23669 http://marc.info/?l=bugtraq&m=107634727520936&w=2 http://www.securityfocus.com/bid/9605 http://www.securityfocus.com/bid/9613 https://exchange.xforce.ibmcloud.com/vulnerabilities/15076 •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 2CVE-2004-0266 – PHP-Nuke 6.x/7.x - Public Message SQL Injection
https://notcve.org/view.php?id=CVE-2004-0266
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. Vulnerabilidad de inyección de SQL en la capacidad "mensaje público" (public_message) de php-nuke 6.x a 7.1.0 permite a atacantes remotos obtener la contraseña de administrador mediante el parámetro cmid. • https://www.exploit-db.com/exploits/23670 http://marc.info/?l=bugtraq&m=107635110327066&w=2 http://www.securityfocus.com/bid/9615 https://exchange.xforce.ibmcloud.com/vulnerabilities/15080 •