Filtered by vendor Francisco Burzi
Subscriptions
Filtered by product Php-nuke
Subscriptions
Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0996 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. | ||||
| CVE-2005-3016 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. | ||||
| CVE-2001-1522 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. | ||||
| CVE-2002-1803 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | ||||
| CVE-2002-2032 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. | ||||
| CVE-2003-1210 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | ||||
| CVE-2003-1400 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. | ||||
| CVE-2004-1913 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. | ||||
| CVE-2001-1032 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. | ||||
| CVE-2004-1930 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. | ||||
| CVE-2004-2294 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2004-0269 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. | ||||
| CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | ||||
| CVE-2001-0911 | 2 Francisco Burzi, Postnuke Software Foundation | 2 Php-nuke, Postnuke | 2025-04-03 | N/A |
| PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. | ||||
| CVE-2006-1847 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2004-1932 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. | ||||
| CVE-2004-1839 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | ||||
| CVE-2003-1526 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. | ||||
| CVE-2003-1547 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. | ||||
| CVE-2001-1025 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. | ||||