Filtered by vendor Francisco Burzi
Subscriptions
Filtered by product Php-nuke
Subscriptions
Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1023 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000. | ||||
| CVE-2002-1803 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | ||||
| CVE-2005-3304 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. | ||||
| CVE-2004-0269 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. | ||||
| CVE-2004-0731 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. | ||||
| CVE-2002-2032 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. | ||||
| CVE-2001-1025 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. | ||||
| CVE-2001-1032 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. | ||||
| CVE-2006-0908 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. | ||||
| CVE-2004-1817 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. | ||||
| CVE-2004-1839 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | ||||
| CVE-2004-1912 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2025-04-03 | N/A |
| The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. | ||||
| CVE-2004-1913 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. | ||||
| CVE-2004-1914 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2025-04-03 | N/A |
| SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. | ||||
| CVE-2004-1987 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2025-04-03 | N/A |
| picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. | ||||
| CVE-2004-1988 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php. | ||||
| CVE-2004-2019 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. | ||||
| CVE-2004-2294 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2002-0206 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. | ||||
| CVE-2005-0998 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. | ||||