Filtered by vendor Francisco Burzi
Subscribe
Total
99 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0461 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-6376 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-5032 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 5.1 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. | |||||
CVE-2007-1061 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). | |||||
CVE-2007-0372 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. | |||||
CVE-2007-0309 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
CVE-2006-6234 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. | |||||
CVE-2006-6200 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
CVE-2006-5720 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. | |||||
CVE-2006-1847 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-1846 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others. | |||||
CVE-2006-0908 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. | |||||
CVE-2006-0907 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. | |||||
CVE-2006-0805 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. | |||||
CVE-2006-0679 | 1 Francisco Burzi | 1 Php-nuke Ev | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). | |||||
CVE-2006-0676 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. | |||||
CVE-2006-0163 | 1 Francisco Burzi | 1 Php-nuke Ev | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. | |||||
CVE-2005-4715 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. | |||||
CVE-2005-4260 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 4.3 MEDIUM | N/A |
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke. | |||||
CVE-2005-3792 | 1 Francisco Burzi | 1 Php-nuke | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. |