8 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). La función pnVarPrepForStore en PostNuke 0.764 y anteriores se salta las entradas de limpieza cuando está habilitado magic_quotes_runtime, lo que permite a atacantes remotos llevar a cabo ataques de inyección SQL y ejecutar comandos SQL de su elección a través de entradas asociadas con variables de servidor, como se demostró por la cabecera CLIENT_IP HTTP (variable HTTP_CLIENT_IP). • https://www.exploit-db.com/exploits/5292 http://www.securityfocus.com/bid/28407 https://exchange.xforce.ibmcloud.com/vulnerabilities/41375 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message. PostNuke 0.7.5.0, y otras versiones concretas sin importancia, permiten a atacantes remotos la obtención de información sensible a través de un valor no numérico en el parámetro stop, el cual muestra la ruta en un mensaje de error. • http://www.securityfocus.com/archive/1/452283/100/100/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/30474 •

CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 2

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. Vulnerabilidad de escalado de directorio en error.php en PostNuke 0.7.63 y anteriores permite a atacantes remotos incluir y ejecutar archivos locales de su elección mediante un .. (punto punto) en la cookie PNSVlang (PNSV lang), como ha sido demostrado inyectando secuencias PHP en el archivo de registro del Servidor HTTP Apache, que luego es incluido por error.php. • https://www.exploit-db.com/exploits/2707 http://community.postnuke.com/Article2787.htm http://secunia.com/advisories/22983 http://www.securityfocus.com/bid/20897 http://www.securityfocus.com/bid/21218 https://exchange.xforce.ibmcloud.com/vulnerabilities/29992 •

CVSS: 5.1EPSS: 2%CPEs: 1EXPL: 1

SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. • https://www.exploit-db.com/exploits/27255 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html http://news.postnuke.com/index.php?name=News&file=article&sid=2754 http://secunia.com/advisories/18937 http://securityreason.com/securityalert/454 http://www.securityfocus.com/bid/16752 http://www.vupen.com/english/advisories/2006/0673 https://exchange.xforce.ibmcloud.com/vulnerabilities/24827 •

CVSS: 2.6EPSS: 0%CPEs: 19EXPL: 2

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php. • https://www.exploit-db.com/exploits/27254 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html http://news.postnuke.com/index.php?name=News&file=article&sid=2754 http://secunia.com/advisories/18937 http://securityreason.com/securityalert/454 http://www.securityfocus.com/bid/16752 http://www.vupen.com/english/advisories/2006/0673 https://exchange.xforce.ibmcloud.com/vulnerabilities/24823 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •