Filtered by vendor Francisco Burzi
Subscribe
Total
100 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0001 | 1 Francisco Burzi | 1 Php-nuke | 2017-10-09 | 7.5 HIGH | N/A |
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. | |||||
CVE-2001-0900 | 1 Francisco Burzi | 1 Gallery | 2017-10-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. | |||||
CVE-2008-0461 | 1 Francisco Burzi | 1 Php-nuke | 2017-09-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2003-1468 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-28 | 4.3 MEDIUM | N/A |
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | |||||
CVE-2003-1435 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. | |||||
CVE-2003-1400 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. | |||||
CVE-2006-1847 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-0163 | 1 Francisco Burzi | 1 Php-nuke Ev | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. | |||||
CVE-2005-4715 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. | |||||
CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-18 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | |||||
CVE-2004-2020 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-18 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. | |||||
CVE-2005-3304 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. | |||||
CVE-2005-0434 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. | |||||
CVE-2005-0433 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 5.0 MEDIUM | N/A |
Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. | |||||
CVE-2005-1027 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. | |||||
CVE-2005-1180 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 5.0 MEDIUM | N/A |
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. | |||||
CVE-2005-1023 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000. | |||||
CVE-2005-1024 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 5.0 MEDIUM | N/A |
modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message. | |||||
CVE-2005-1000 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module. | |||||
CVE-2005-1001 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 5.0 MEDIUM | N/A |
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message. |