Show filters
11 Total Results
Displaying 1-10 of 11
Sort by:
Attacker Value
Unknown

CVE-2007-6376

Disclosure Date: December 15, 2007 (last updated October 04, 2023)
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
0
0
Attacker Value
Unknown

CVE-2004-1914

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter.
0
0
Attacker Value
Unknown

CVE-2004-1913

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.
0
0
Attacker Value
Unknown

CVE-2004-1912

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.
0
0
Attacker Value
Unknown

CVE-2004-0731

Disclosure Date: July 27, 2004 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.
0
0
Attacker Value
Unknown

CVE-2004-0732

Disclosure Date: July 27, 2004 (last updated February 22, 2025)
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
0
0
Attacker Value
Unknown

CVE-2004-0738

Disclosure Date: July 27, 2004 (last updated February 22, 2025)
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
0
0
Attacker Value
Unknown

CVE-2004-0737

Disclosure Date: July 27, 2004 (last updated February 22, 2025)
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
0
0
Attacker Value
Unknown

CVE-2004-0736

Disclosure Date: July 27, 2004 (last updated February 22, 2025)
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.
0
0
Attacker Value
Unknown

CVE-2001-1522

Disclosure Date: December 31, 2001 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.
0
0
View More Topics  Next >