All the vulnerabilites related to postnuke_software_foundation - postnuke
cve-2005-1777
Vulnerability from cvelistv5
Published
2005-05-31 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111721364707520&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1014066 | vdb-entry, x_refsource_SECTRACK | |
| http://news.postnuke.com/Article2691.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050527 PostNuke Critical SQL Injection and XSS 0.750=\u003ex",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"name": "1014066",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/Article2691.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050527 PostNuke Critical SQL Injection and XSS 0.750=\u003ex",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"name": "1014066",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/Article2691.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050527 PostNuke Critical SQL Injection and XSS 0.750=\u003ex",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"name": "1014066",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014066"
},
{
"name": "http://news.postnuke.com/Article2691.html",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/Article2691.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1777",
"datePublished": "2005-05-31T04:00:00",
"dateReserved": "2005-05-31T00:00:00",
"dateUpdated": "2024-08-07T21:59:24.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6233
Vulnerability from cvelistv5
Published
2006-12-02 11:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/437832/100/200/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/1952 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27501 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060617 Module\u0027s Name Downloads \u003c\u003c--V 7 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437832/100/200/threaded"
},
{
"name": "1952",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1952"
},
{
"name": "phpnuke-module-sqlinjection(27501)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060617 Module\u0027s Name Downloads \u003c\u003c--V 7 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437832/100/200/threaded"
},
{
"name": "1952",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1952"
},
{
"name": "phpnuke-module-sqlinjection(27501)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060617 Module\u0027s Name Downloads \u003c\u003c--V 7 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437832/100/200/threaded"
},
{
"name": "1952",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1952"
},
{
"name": "phpnuke-module-sqlinjection(27501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6233",
"datePublished": "2006-12-02T11:00:00",
"dateReserved": "2006-12-01T00:00:00",
"dateUpdated": "2024-08-07T20:19:35.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1696
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111670506926649&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"name": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1696",
"datePublished": "2005-05-24T04:00:00",
"dateReserved": "2005-05-24T00:00:00",
"dateUpdated": "2024-08-07T21:59:24.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0385
Vulnerability from cvelistv5
Published
2007-01-19 23:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/35472 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | mailing-list, x_refsource_FULLDISC | |
| http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke | x_refsource_CONFIRM | |
| http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke&r1=20350&r2=20911 | x_refsource_CONFIRM | |
| http://www.hackers.ir/advisories/festival.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:29.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35472"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke\u0026r1=20350\u0026r2=20911"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via \"unvalidated output\" in FAQ/index.php, possibly involving an undefined id_cat variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35472"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke\u0026r1=20350\u0026r2=20911"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via \"unvalidated output\" in FAQ/index.php, possibly involving an undefined id_cat variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35472",
"refsource": "OSVDB",
"url": "http://osvdb.org/35472"
},
{
"name": "20070118 The vulnerabilities festival !",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"name": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke",
"refsource": "CONFIRM",
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"name": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke\u0026r1=20350\u0026r2=20911",
"refsource": "CONFIRM",
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke\u0026r1=20350\u0026r2=20911"
},
{
"name": "http://www.hackers.ir/advisories/festival.txt",
"refsource": "MISC",
"url": "http://www.hackers.ir/advisories/festival.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0385",
"datePublished": "2007-01-19T23:00:00",
"dateReserved": "2007-01-19T00:00:00",
"dateUpdated": "2024-08-07T12:19:29.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1956
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10191 | vdb-entry, x_refsource_BID | |
| http://www.waraxe.us/index.php?modname=sa&id=22 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15933 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108258902000472&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10191"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"name": "postnuke-scripts-modules-path-disclosure(15933)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15933"
},
{
"name": "20040421 [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10191"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"name": "postnuke-scripts-modules-path-disclosure(15933)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15933"
},
{
"name": "20040421 [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10191"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa\u0026id=22",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"name": "postnuke-scripts-modules-path-disclosure(15933)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15933"
},
{
"name": "20040421 [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1956",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1957
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10191 | vdb-entry, x_refsource_BID | |
| http://www.waraxe.us/index.php?modname=sa&id=22 | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=108258902000472&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15934 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10191"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"name": "20040421 [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
},
{
"name": "postnuke-openwindow-xss(15934)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15934"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10191"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"name": "20040421 [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
},
{
"name": "postnuke-openwindow-xss(15934)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15934"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10191"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa\u0026id=22",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"name": "20040421 [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
},
{
"name": "postnuke-openwindow-xss(15934)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15934"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1957",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1048
Vulnerability from cvelistv5
Published
2005-04-12 04:00
Modified
2024-08-07 21:35
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750.
References
| ▼ | URL | Tags |
|---|---|---|
| http://digitalparadox.org/advisories/postnuke.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20019 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=111298226029957&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/15371 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/14868/ | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1013670 | vdb-entry, x_refsource_SECTRACK | |
| http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2679 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"name": "postnuke-sid-sql-injection(20019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20019"
},
{
"name": "20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"name": "15371",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15371"
},
{
"name": "14868",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14868/"
},
{
"name": "1013670",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013670"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"name": "postnuke-sid-sql-injection(20019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20019"
},
{
"name": "20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"name": "15371",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15371"
},
{
"name": "14868",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14868/"
},
{
"name": "1013670",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013670"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://digitalparadox.org/advisories/postnuke.txt",
"refsource": "MISC",
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"name": "postnuke-sid-sql-injection(20019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20019"
},
{
"name": "20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"name": "15371",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15371"
},
{
"name": "14868",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14868/"
},
{
"name": "1013670",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013670"
},
{
"name": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679",
"refsource": "MISC",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1048",
"datePublished": "2005-04-12T04:00:00",
"dateReserved": "2005-04-12T00:00:00",
"dateUpdated": "2024-08-07T21:35:59.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1695
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111670482500552&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=111670506926649&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3}",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670482500552\u0026w=2"
},
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3}",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670482500552\u0026w=2"
},
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3}",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111670482500552\u0026w=2"
},
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"name": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1695",
"datePublished": "2005-05-24T04:00:00",
"dateReserved": "2005-05-24T00:00:00",
"dateUpdated": "2024-08-07T21:59:24.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1949
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/5369 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/10146 | vdb-entry, x_refsource_BID | |
| http://news.postnuke.com/Article2580.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15869 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108256503718978&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html | mailing-list, x_refsource_FULLDISC | |
| http://www.osvdb.org/5368 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1009801 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15875 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/11386 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5369",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5369"
},
{
"name": "10146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10146"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/Article2580.html"
},
{
"name": "postnuke-indexphp-sql-injection(15869)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15869"
},
{
"name": "20040420 [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108256503718978\u0026w=2"
},
{
"name": "20040414 [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html"
},
{
"name": "5368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5368"
},
{
"name": "1009801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009801"
},
{
"name": "postnuke-changeinfo-sql-injection(15875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15875"
},
{
"name": "11386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11386"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5369",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5369"
},
{
"name": "10146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10146"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/Article2580.html"
},
{
"name": "postnuke-indexphp-sql-injection(15869)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15869"
},
{
"name": "20040420 [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108256503718978\u0026w=2"
},
{
"name": "20040414 [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html"
},
{
"name": "5368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5368"
},
{
"name": "1009801",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009801"
},
{
"name": "postnuke-changeinfo-sql-injection(15875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15875"
},
{
"name": "11386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11386"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5369",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5369"
},
{
"name": "10146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10146"
},
{
"name": "http://news.postnuke.com/Article2580.html",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/Article2580.html"
},
{
"name": "postnuke-indexphp-sql-injection(15869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15869"
},
{
"name": "20040420 [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108256503718978\u0026w=2"
},
{
"name": "20040414 [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html"
},
{
"name": "5368",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5368"
},
{
"name": "1009801",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009801"
},
{
"name": "postnuke-changeinfo-sql-injection(15875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15875"
},
{
"name": "11386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11386"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1949",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1537
Vulnerability from cvelistv5
Published
2007-11-14 02:00
Modified
2024-09-17 01:57
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030309 Postnuke v 0.723 SQL injection and directory traversing",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-14T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030309 Postnuke v 0.723 SQL injection and directory traversing",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030309 Postnuke v 0.723 SQL injection and directory traversing",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1537",
"datePublished": "2007-11-14T02:00:00Z",
"dateReserved": "2007-11-13T00:00:00Z",
"dateUpdated": "2024-09-17T01:57:05.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2752
Vulnerability from cvelistv5
Published
2007-11-14 02:00
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1008629 | vdb-entry, x_refsource_SECTRACK | |
| http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.gulftech.org/01032004.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1008629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1008629"
},
{
"name": "20040102 PostNuke Issues (0.726 \u0026\u0026 Possibly Older)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/01032004.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-14T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1008629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1008629"
},
{
"name": "20040102 PostNuke Issues (0.726 \u0026\u0026 Possibly Older)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/01032004.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1008629",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008629"
},
{
"name": "20040102 PostNuke Issues (0.726 \u0026\u0026 Possibly Older)",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"name": "http://www.gulftech.org/01032004.php",
"refsource": "MISC",
"url": "http://www.gulftech.org/01032004.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2752",
"datePublished": "2007-11-14T02:00:00Z",
"dateReserved": "2007-11-13T00:00:00Z",
"dateUpdated": "2024-09-17T02:21:24.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0535
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:49
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8884 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4561 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/8881.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4559 | vdb-entry, x_refsource_BID | |
| http://online.securityfocus.com/archive/1/267936 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:28.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "postboard-title-css(8884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8884"
},
{
"name": "4561",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4561"
},
{
"name": "postboard-img-css(8881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8881.php"
},
{
"name": "4559",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4559"
},
{
"name": "20020416 Multiple Vulnerabilities in PostBoard",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/267936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "postboard-title-css(8884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8884"
},
{
"name": "4561",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4561"
},
{
"name": "postboard-img-css(8881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8881.php"
},
{
"name": "4559",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4559"
},
{
"name": "20020416 Multiple Vulnerabilities in PostBoard",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/267936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "postboard-title-css(8884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8884"
},
{
"name": "4561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4561"
},
{
"name": "postboard-img-css(8881)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8881.php"
},
{
"name": "4559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4559"
},
{
"name": "20020416 Multiple Vulnerabilities in PostBoard",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/267936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0535",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:49:28.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0384
Vulnerability from cvelistv5
Published
2007-01-19 23:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/35473 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | mailing-list, x_refsource_FULLDISC | |
| http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/22119 | vdb-entry, x_refsource_BID | |
| http://www.hackers.ir/advisories/festival.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:29.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35473",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35473"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"name": "22119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35473",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35473"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"name": "22119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35473",
"refsource": "OSVDB",
"url": "http://osvdb.org/35473"
},
{
"name": "20070118 The vulnerabilities festival !",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"name": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke",
"refsource": "CONFIRM",
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"name": "22119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22119"
},
{
"name": "http://www.hackers.ir/advisories/festival.txt",
"refsource": "MISC",
"url": "http://www.hackers.ir/advisories/festival.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0384",
"datePublished": "2007-01-19T23:00:00",
"dateReserved": "2007-01-19T00:00:00",
"dateUpdated": "2024-08-07T12:19:29.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5121
Vulnerability from cvelistv5
Published
2006-10-02 20:00
Modified
2024-08-07 19:41
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29271 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/1669 | third-party-advisory, x_refsource_SREASON | |
| http://community.postnuke.com/index.php?name=News&file=article&sid=2783 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/22197 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/20317 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/447361/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2006/3886 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "postnuke-admin-sql-injection(29271)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29271"
},
{
"name": "1669",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1669"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2783"
},
{
"name": "22197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22197"
},
{
"name": "20317",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20317"
},
{
"name": "20060929 Sql injection in PostNuke [Admin section]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447361/100/0/threaded"
},
{
"name": "ADV-2006-3886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "postnuke-admin-sql-injection(29271)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29271"
},
{
"name": "1669",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1669"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2783"
},
{
"name": "22197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22197"
},
{
"name": "20317",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20317"
},
{
"name": "20060929 Sql injection in PostNuke [Admin section]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447361/100/0/threaded"
},
{
"name": "ADV-2006-3886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3886"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "postnuke-admin-sql-injection(29271)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29271"
},
{
"name": "1669",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1669"
},
{
"name": "http://community.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2783",
"refsource": "CONFIRM",
"url": "http://community.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2783"
},
{
"name": "22197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22197"
},
{
"name": "20317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20317"
},
{
"name": "20060929 Sql injection in PostNuke [Admin section]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447361/100/0/threaded"
},
{
"name": "ADV-2006-3886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3886"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5121",
"datePublished": "2006-10-02T20:00:00",
"dateReserved": "2006-10-02T00:00:00",
"dateUpdated": "2024-08-07T19:41:04.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0617
Vulnerability from cvelistv5
Published
2005-03-02 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://news.postnuke.com/Article2669.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1013324 | vdb-entry, x_refsource_SECTRACK | |
| http://marc.info/?l=bugtraq&m=110962710805864&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/Article2669.html"
},
{
"name": "1013324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013324"
},
{
"name": "20050228 [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=\u003ex cXIb8O3.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110962710805864\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/Article2669.html"
},
{
"name": "1013324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013324"
},
{
"name": "20050228 [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=\u003ex cXIb8O3.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110962710805864\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://news.postnuke.com/Article2669.html",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/Article2669.html"
},
{
"name": "1013324",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013324"
},
{
"name": "20050228 [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=\u003ex cXIb8O3.3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110962710805864\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0617",
"datePublished": "2005-03-02T05:00:00",
"dateReserved": "2005-03-02T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1698
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111670506926649&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1698",
"datePublished": "2005-05-24T04:00:00",
"dateReserved": "2005-05-24T00:00:00",
"dateUpdated": "2024-08-07T21:59:24.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0146
Vulnerability from cvelistv5
Published
2006-01-09 23:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "http://www.maxdev.com/Article550.phtml",
"refsource": "CONFIRM",
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "http://www.xaraya.com/index.php/news/569",
"refsource": "CONFIRM",
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0146",
"datePublished": "2006-01-09T23:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2689
Vulnerability from cvelistv5
Published
2005-08-24 04:00
Modified
2024-09-16 23:02
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/408818 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/14635 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050822 [SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=\u003ex cXIb8O3.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/408818"
},
{
"name": "14635",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14635"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-08-24T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050822 [SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=\u003ex cXIb8O3.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/408818"
},
{
"name": "14635",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14635"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050822 [SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=\u003ex cXIb8O3.15",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/408818"
},
{
"name": "14635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14635"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2689",
"datePublished": "2005-08-24T04:00:00Z",
"dateReserved": "2005-08-24T00:00:00Z",
"dateUpdated": "2024-09-16T23:02:06.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0386
Vulnerability from cvelistv5
Published
2007-01-19 23:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/35471 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | mailing-list, x_refsource_FULLDISC | |
| http://www.hackers.ir/advisories/festival.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:29.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35471"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to \"an interesting bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35471"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to \"an interesting bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35471",
"refsource": "OSVDB",
"url": "http://osvdb.org/35471"
},
{
"name": "20070118 The vulnerabilities festival !",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"name": "http://www.hackers.ir/advisories/festival.txt",
"refsource": "MISC",
"url": "http://www.hackers.ir/advisories/festival.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0386",
"datePublished": "2007-01-19T23:00:00",
"dateReserved": "2007-01-19T00:00:00",
"dateUpdated": "2024-08-07T12:19:29.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5733
Vulnerability from cvelistv5
Published
2006-11-06 18:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/2707 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/22983 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/21218 | vdb-entry, x_refsource_BID | |
| http://community.postnuke.com/Article2787.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29992 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/20897 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:54.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2707",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2707"
},
{
"name": "22983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22983"
},
{
"name": "21218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.postnuke.com/Article2787.htm"
},
{
"name": "postnuke-pnapi-file-include(29992)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29992"
},
{
"name": "20897",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2707",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2707"
},
{
"name": "22983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22983"
},
{
"name": "21218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.postnuke.com/Article2787.htm"
},
{
"name": "postnuke-pnapi-file-include(29992)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29992"
},
{
"name": "20897",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20897"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2707",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2707"
},
{
"name": "22983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22983"
},
{
"name": "21218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21218"
},
{
"name": "http://community.postnuke.com/Article2787.htm",
"refsource": "CONFIRM",
"url": "http://community.postnuke.com/Article2787.htm"
},
{
"name": "postnuke-pnapi-file-include(29992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29992"
},
{
"name": "20897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20897"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5733",
"datePublished": "2006-11-06T18:00:00",
"dateReserved": "2006-11-06T00:00:00",
"dateUpdated": "2024-08-07T20:04:54.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1521
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://online.securityfocus.com/archive/1/245691 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/7654.php | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/archive/82/243545 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3609 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011215 PHPNuke holes",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/245691"
},
{
"name": "phpnuke-postnuke-css(7654)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7654.php"
},
{
"name": "20011203 Phpnuke Cross site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/82/243545"
},
{
"name": "3609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-04T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011215 PHPNuke holes",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/245691"
},
{
"name": "phpnuke-postnuke-css(7654)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7654.php"
},
{
"name": "20011203 Phpnuke Cross site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/82/243545"
},
{
"name": "3609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011215 PHPNuke holes",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/245691"
},
{
"name": "phpnuke-postnuke-css(7654)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7654.php"
},
{
"name": "20011203 Phpnuke Cross site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/82/243545"
},
{
"name": "3609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1521",
"datePublished": "2005-07-14T04:00:00",
"dateReserved": "2005-07-14T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6267
Vulnerability from cvelistv5
Published
2006-12-04 11:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/452283/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30474 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061121 Vulnerability in PostNuke",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452283/100/100/threaded"
},
{
"name": "postnuke-user-information-disclosure(30474)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30474"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061121 Vulnerability in PostNuke",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452283/100/100/threaded"
},
{
"name": "postnuke-user-information-disclosure(30474)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30474"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061121 Vulnerability in PostNuke",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452283/100/100/threaded"
},
{
"name": "postnuke-user-information-disclosure(30474)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30474"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6267",
"datePublished": "2006-12-04T11:00:00",
"dateReserved": "2006-12-03T00:00:00",
"dateUpdated": "2024-08-07T20:19:35.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0615
Vulnerability from cvelistv5
Published
2005-03-02 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://news.postnuke.com/Article2669.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1013324 | vdb-entry, x_refsource_SECTRACK | |
| http://marc.info/?l=bugtraq&m=110962819232255&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/Article2669.html"
},
{
"name": "1013324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013324"
},
{
"name": "20050228 [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=\u003ex",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110962819232255\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/Article2669.html"
},
{
"name": "1013324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013324"
},
{
"name": "20050228 [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=\u003ex",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110962819232255\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://news.postnuke.com/Article2669.html",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/Article2669.html"
},
{
"name": "1013324",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013324"
},
{
"name": "20050228 [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=\u003ex",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110962819232255\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0615",
"datePublished": "2005-03-02T05:00:00",
"dateReserved": "2005-03-02T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2690
Vulnerability from cvelistv5
Published
2005-08-24 04:00
Modified
2024-09-16 16:53
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/14636 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/408818 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:01.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14636",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14636"
},
{
"name": "20050822 [SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=\u003ex cXIb8O3.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/408818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-08-24T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14636",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14636"
},
{
"name": "20050822 [SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=\u003ex cXIb8O3.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/408818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14636"
},
{
"name": "20050822 [SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=\u003ex cXIb8O3.15",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/408818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2690",
"datePublished": "2005-08-24T04:00:00Z",
"dateReserved": "2005-08-24T00:00:00Z",
"dateUpdated": "2024-09-16T16:53:47.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1460
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/921547 | third-party-advisory, x_refsource_CERT-VN | |
| http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3435 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7280 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#921547",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/921547"
},
{
"name": "20011013 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html"
},
{
"name": "3435",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3435"
},
{
"name": "20011012 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html"
},
{
"name": "postnuke-getusrinfo-bypass-authentication(7280)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#921547",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/921547"
},
{
"name": "20011013 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html"
},
{
"name": "3435",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3435"
},
{
"name": "20011012 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html"
},
{
"name": "postnuke-getusrinfo-bypass-authentication(7280)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#921547",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/921547"
},
{
"name": "20011013 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html"
},
{
"name": "3435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3435"
},
{
"name": "20011012 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html"
},
{
"name": "postnuke-getusrinfo-bypass-authentication(7280)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1460",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-04-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0801
Vulnerability from cvelistv5
Published
2006-02-20 22:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/0673 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/16752 | vdb-entry, x_refsource_BID | |
| http://news.postnuke.com/index.php?name=News&file=article&sid=2754 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24827 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/18937 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/454 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:55.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"name": "16752",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"name": "postnuke-nslanguages-sql-injection(24827)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24827"
},
{
"name": "20060219 Multiple vulnerabilities in PostNuke \u003c= 0.761",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"name": "18937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18937"
},
{
"name": "454",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/454"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"name": "16752",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"name": "postnuke-nslanguages-sql-injection(24827)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24827"
},
{
"name": "20060219 Multiple vulnerabilities in PostNuke \u003c= 0.761",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"name": "18937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18937"
},
{
"name": "454",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/454"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0673",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"name": "16752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16752"
},
{
"name": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"name": "postnuke-nslanguages-sql-injection(24827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24827"
},
{
"name": "20060219 Multiple vulnerabilities in PostNuke \u003c= 0.761",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"name": "18937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18937"
},
{
"name": "454",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/454"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0801",
"datePublished": "2006-02-20T22:00:00",
"dateReserved": "2006-02-20T00:00:00",
"dateUpdated": "2024-08-07T16:48:55.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1778
Vulnerability from cvelistv5
Published
2005-05-31 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111721364707520&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://news.postnuke.com/Article2691.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050527 PostNuke Critical SQL Injection and XSS 0.750=\u003ex",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/Article2691.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050527 PostNuke Critical SQL Injection and XSS 0.750=\u003ex",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/Article2691.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050527 PostNuke Critical SQL Injection and XSS 0.750=\u003ex",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"name": "http://news.postnuke.com/Article2691.html",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/Article2691.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1778",
"datePublished": "2005-05-31T04:00:00",
"dateReserved": "2005-05-31T00:00:00",
"dateUpdated": "2024-08-07T21:59:24.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1699
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111670586322172&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=\u003ex cXIb8O3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=\u003ex cXIb8O3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=\u003ex cXIb8O3.10",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1699",
"datePublished": "2005-05-24T04:00:00",
"dateReserved": "2005-05-24T00:00:00",
"dateUpdated": "2024-08-07T21:59:24.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2015
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-09-16 22:41
Severity ?
EPSS score ?
Summary
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/4381 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/8699.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:51:17.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020327 postnuke v 0.7.0.3 remote command execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html"
},
{
"name": "4381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4381"
},
{
"name": "postnuke-caselist-include-modules(8699)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8699.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-14T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020327 postnuke v 0.7.0.3 remote command execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html"
},
{
"name": "4381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4381"
},
{
"name": "postnuke-caselist-include-modules(8699)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8699.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020327 postnuke v 0.7.0.3 remote command execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html"
},
{
"name": "4381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4381"
},
{
"name": "postnuke-caselist-include-modules(8699)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8699.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2015",
"datePublished": "2005-07-14T04:00:00Z",
"dateReserved": "2005-07-14T00:00:00Z",
"dateUpdated": "2024-09-16T22:41:34.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1996
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 03:43
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/8605.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2002-03/0288.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/4350 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2002-03/0299.html | mailing-list, x_refsource_BUGTRAQ | |
| http://sourceforge.net/tracker/index.php?func=detail&aid=524777&group_id=27927&atid=392228 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "postnuke-modules-index-css(8605)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8605.php"
},
{
"name": "20020322 PostNuke Bugged",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0288.html"
},
{
"name": "4350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4350"
},
{
"name": "20020322 Re: PostNuke Bugged",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0299.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=524777\u0026group_id=27927\u0026atid=392228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:40:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "postnuke-modules-index-css(8605)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8605.php"
},
{
"name": "20020322 PostNuke Bugged",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0288.html"
},
{
"name": "4350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4350"
},
{
"name": "20020322 Re: PostNuke Bugged",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0299.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=524777\u0026group_id=27927\u0026atid=392228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "postnuke-modules-index-css(8605)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8605.php"
},
{
"name": "20020322 PostNuke Bugged",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0288.html"
},
{
"name": "4350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4350"
},
{
"name": "20020322 Re: PostNuke Bugged",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0299.html"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=524777\u0026group_id=27927\u0026atid=392228",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=524777\u0026group_id=27927\u0026atid=392228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1996",
"datePublished": "2005-07-14T04:00:00",
"dateReserved": "2005-07-14T00:00:00",
"dateUpdated": "2024-08-08T03:43:33.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1694
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111670823128472&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke SQL Injection 0.750=\u003ex",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670823128472\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke SQL Injection 0.750=\u003ex",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670823128472\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke SQL Injection 0.750=\u003ex",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111670823128472\u0026w=2"
},
{
"name": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1694",
"datePublished": "2005-05-24T04:00:00",
"dateReserved": "2005-05-24T00:00:00",
"dateUpdated": "2024-08-07T21:59:24.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1050
Vulnerability from cvelistv5
Published
2005-04-12 04:00
Modified
2024-08-07 21:35
Severity ?
EPSS score ?
Summary
The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://digitalparadox.org/advisories/postnuke.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=111298226029957&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1013670 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20020 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"name": "20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"name": "1013670",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013670"
},
{
"name": "postnuke-modules-full-path-disclosure(20020)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"name": "20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"name": "1013670",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013670"
},
{
"name": "postnuke-modules-full-path-disclosure(20020)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://digitalparadox.org/advisories/postnuke.txt",
"refsource": "MISC",
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"name": "20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"name": "1013670",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013670"
},
{
"name": "postnuke-modules-full-path-disclosure(20020)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1050",
"datePublished": "2005-04-12T04:00:00",
"dateReserved": "2005-04-12T00:00:00",
"dateUpdated": "2024-08-07T21:35:59.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0802
Vulnerability from cvelistv5
Published
2006-02-20 22:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/0673 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24823 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/16752 | vdb-entry, x_refsource_BID | |
| http://news.postnuke.com/index.php?name=News&file=article&sid=2754 | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/18937 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/454 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"name": "postnuke-user-nslanguages-xss(24823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
},
{
"name": "16752",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"name": "20060219 Multiple vulnerabilities in PostNuke \u003c= 0.761",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"name": "18937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18937"
},
{
"name": "454",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/454"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"name": "postnuke-user-nslanguages-xss(24823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
},
{
"name": "16752",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"name": "20060219 Multiple vulnerabilities in PostNuke \u003c= 0.761",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"name": "18937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18937"
},
{
"name": "454",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/454"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0673",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"name": "postnuke-user-nslanguages-xss(24823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
},
{
"name": "16752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16752"
},
{
"name": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"name": "20060219 Multiple vulnerabilities in PostNuke \u003c= 0.761",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"name": "18937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18937"
},
{
"name": "454",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/454"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0802",
"datePublished": "2006-02-20T22:00:00",
"dateReserved": "2006-02-20T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0147
Vulnerability from cvelistv5
Published
2006-01-09 23:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "http://retrogod.altervista.org/simplog_092_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0147",
"datePublished": "2006-01-09T23:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1621
Vulnerability from cvelistv5
Published
2005-05-16 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2005/0553 | vdb-entry, x_refsource_VUPEN | |
| http://news.postnuke.com/Article2690.html | x_refsource_CONFIRM | |
| http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47&r2=1.48 | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=111627124301526&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:23.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-0553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/Article2690.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47\u0026r2=1.48"
},
{
"name": "20050516 Postnuke 0.750 - 0.760rc4 local file inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111627124301526\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-0553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/Article2690.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47\u0026r2=1.48"
},
{
"name": "20050516 Postnuke 0.750 - 0.760rc4 local file inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111627124301526\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-0553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0553"
},
{
"name": "http://news.postnuke.com/Article2690.html",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/Article2690.html"
},
{
"name": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47\u0026r2=1.48",
"refsource": "CONFIRM",
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47\u0026r2=1.48"
},
{
"name": "20050516 Postnuke 0.750 - 0.760rc4 local file inclusion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111627124301526\u0026w=2"
},
{
"name": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1621",
"datePublished": "2005-05-16T04:00:00",
"dateReserved": "2005-05-16T00:00:00",
"dateUpdated": "2024-08-07T21:59:23.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1049
Vulnerability from cvelistv5
Published
2005-04-12 04:00
Modified
2024-08-07 21:35
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.
References
| ▼ | URL | Tags |
|---|---|---|
| http://digitalparadox.org/advisories/postnuke.txt | x_refsource_MISC | |
| http://www.osvdb.org/15370 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=111298226029957&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/13076 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/14868/ | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1013670 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/13075 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20018 | vdb-entry, x_refsource_XF | |
| http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2679 | x_refsource_MISC | |
| http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18&r2=1.19 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"name": "15370",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15370"
},
{
"name": "20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"name": "13076",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13076"
},
{
"name": "14868",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14868/"
},
{
"name": "1013670",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013670"
},
{
"name": "13075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13075"
},
{
"name": "postnuke-adminphp-userphp-xss(20018)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18\u0026r2=1.19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"name": "15370",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15370"
},
{
"name": "20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"name": "13076",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13076"
},
{
"name": "14868",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14868/"
},
{
"name": "1013670",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013670"
},
{
"name": "13075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13075"
},
{
"name": "postnuke-adminphp-userphp-xss(20018)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18\u0026r2=1.19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://digitalparadox.org/advisories/postnuke.txt",
"refsource": "MISC",
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"name": "15370",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15370"
},
{
"name": "20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"name": "13076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13076"
},
{
"name": "14868",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14868/"
},
{
"name": "1013670",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013670"
},
{
"name": "13075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13075"
},
{
"name": "postnuke-adminphp-userphp-xss(20018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20018"
},
{
"name": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679",
"refsource": "MISC",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
},
{
"name": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18\u0026r2=1.19",
"refsource": "MISC",
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18\u0026r2=1.19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1049",
"datePublished": "2005-04-12T04:00:00",
"dateReserved": "2005-04-12T00:00:00",
"dateUpdated": "2024-08-07T21:35:59.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1700
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111670586322172&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=\u003ex cXIb8O3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=\u003ex cXIb8O3.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=\u003ex cXIb8O3.10",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1700",
"datePublished": "2005-05-24T04:00:00",
"dateReserved": "2005-05-24T00:00:00",
"dateUpdated": "2024-08-07T21:59:24.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0911
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7596 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/3567 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=100638850219503&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpnuke-postnuke-insecure-passwords(7596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7596"
},
{
"name": "3567",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3567"
},
{
"name": "20011121 PhpNuke Admin password can be stolen !",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100638850219503\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpnuke-postnuke-insecure-passwords(7596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7596"
},
{
"name": "3567",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3567"
},
{
"name": "20011121 PhpNuke Admin password can be stolen !",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100638850219503\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpnuke-postnuke-insecure-passwords(7596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7596"
},
{
"name": "3567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3567"
},
{
"name": "20011121 PhpNuke Admin password can be stolen !",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100638850219503\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0911",
"datePublished": "2002-02-02T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2751
Vulnerability from cvelistv5
Published
2007-11-14 02:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/3334 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html | mailing-list, x_refsource_VULNWATCH | |
| http://securitytracker.com/id?1008629 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html | x_refsource_CONFIRM | |
| http://community.postnuke.com/Article2535.htm | x_refsource_CONFIRM | |
| http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11500 | vdb-entry, x_refsource_XF | |
| http://www.gulftech.org/01032004.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3334"
},
{
"name": "20030309 Postnuke v 0.723 SQL injection and directory traversing",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
},
{
"name": "1008629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1008629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.postnuke.com/Article2535.htm"
},
{
"name": "20040102 PostNuke Issues (0.726 \u0026\u0026 Possibly Older)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"name": "postnuke-memberslist-sql-injection(11500)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11500"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/01032004.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3334"
},
{
"name": "20030309 Postnuke v 0.723 SQL injection and directory traversing",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
},
{
"name": "1008629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1008629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.postnuke.com/Article2535.htm"
},
{
"name": "20040102 PostNuke Issues (0.726 \u0026\u0026 Possibly Older)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"name": "postnuke-memberslist-sql-injection(11500)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11500"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/01032004.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3334",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3334"
},
{
"name": "20030309 Postnuke v 0.723 SQL injection and directory traversing",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
},
{
"name": "1008629",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008629"
},
{
"name": "http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html",
"refsource": "CONFIRM",
"url": "http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html"
},
{
"name": "http://community.postnuke.com/Article2535.htm",
"refsource": "CONFIRM",
"url": "http://community.postnuke.com/Article2535.htm"
},
{
"name": "20040102 PostNuke Issues (0.726 \u0026\u0026 Possibly Older)",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"name": "postnuke-memberslist-sql-injection(11500)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11500"
},
{
"name": "http://www.gulftech.org/01032004.php",
"refsource": "MISC",
"url": "http://www.gulftech.org/01032004.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2751",
"datePublished": "2007-11-14T02:00:00",
"dateReserved": "2007-11-13T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0800
Vulnerability from cvelistv5
Published
2006-02-20 22:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/0673 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24823 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/16752 | vdb-entry, x_refsource_BID | |
| http://news.postnuke.com/index.php?name=News&file=article&sid=2754 | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/18937 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/454 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"name": "postnuke-user-nslanguages-xss(24823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
},
{
"name": "16752",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"name": "20060219 Multiple vulnerabilities in PostNuke \u003c= 0.761",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"name": "18937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18937"
},
{
"name": "454",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/454"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing \"\u003c\" character, which is interpreted as a \"\u003e\" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"name": "postnuke-user-nslanguages-xss(24823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
},
{
"name": "16752",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"name": "20060219 Multiple vulnerabilities in PostNuke \u003c= 0.761",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"name": "18937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18937"
},
{
"name": "454",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/454"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing \"\u003c\" character, which is interpreted as a \"\u003e\" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0673",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"name": "postnuke-user-nslanguages-xss(24823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
},
{
"name": "16752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16752"
},
{
"name": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754",
"refsource": "CONFIRM",
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"name": "20060219 Multiple vulnerabilities in PostNuke \u003c= 0.761",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"name": "18937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18937"
},
{
"name": "454",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/454"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0800",
"datePublished": "2006-02-20T22:00:00",
"dateReserved": "2006-02-20T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2006-10-03 04:03
Modified
2024-11-21 00:17
Severity ?
Summary
SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.762 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.762:*:*:*:*:*:*:*",
"matchCriteriaId": "11B4716F-F173-4026-87C2-A3A97DA0CB2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en modules/Downloads/admin.php en la secci\u00f3n Admin de PostNuke 0.762 permite a un atacante remoto ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro hits."
}
],
"id": "CVE-2006-5121",
"lastModified": "2024-11-21T00:17:57.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-03T04:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://community.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2783"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22197"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1669"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447361/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20317"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3886"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://community.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447361/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29271"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-21 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.726 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.726:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E57D-A2EA-43C7-A29B-537FDE0656A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php."
}
],
"id": "CVE-2004-1957",
"lastModified": "2024-11-20T23:52:09.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-04-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10191"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15934"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-16 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.750 | |
| postnuke_software_foundation | postnuke | 0.760_rc2 | |
| postnuke_software_foundation | postnuke | 0.760_rc3 | |
| postnuke_software_foundation | postnuke | 0.760_rc4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7B5757-8E02-4764-BF26-B51AB98E141F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3700514A-DB69-49F4-AB13-B9DAEB93F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B720E0CD-7975-4D56-9F09-371E742443C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "04899497-8B17-4428-9E60-EF8FDEA5F966",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php."
}
],
"id": "CVE-2005-1621",
"lastModified": "2024-11-20T23:57:45.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47\u0026r2=1.48"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111627124301526\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://news.postnuke.com/Article2690.html"
},
{
"source": "cve@mitre.org",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/0553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnMod.php.diff?r1=1.47\u0026r2=1.48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111627124301526\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.postnuke.com/Article2690.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/0553"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-20 22:02
Modified
2024-11-21 00:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76FC3B0-C5DF-4BDE-9219-F548A6A597F3",
"versionEndIncluding": "0.761",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation."
}
],
"evaluatorComment": "Successful exploitation requires that the \"magic_quotes_gpc\" parameter is disabled.",
"id": "CVE-2006-0802",
"lastModified": "2024-11-21T00:07:22.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-02-20T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"source": "cve@mitre.org",
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18937"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/454"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16752"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-06 18:07
Modified
2024-11-21 00:20
Severity ?
Summary
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | * | |
| postnuke_software_foundation | postnuke | 0.762 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9191B20D-0FA6-42D8-9051-EA7180A13C2F",
"versionEndIncluding": "0.763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.762:*:*:*:*:*:*:*",
"matchCriteriaId": "11B4716F-F173-4026-87C2-A3A97DA0CB2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de escalado de directorio en error.php en PostNuke 0.7.63 y anteriores permite a atacantes remotos incluir y ejecutar archivos locales de su elecci\u00f3n mediante un .. (punto punto) en la cookie PNSVlang (PNSV lang), como ha sido demostrado inyectando secuencias PHP en el archivo de registro del Servidor HTTP Apache, que luego es incluido por error.php."
}
],
"id": "CVE-2006-5733",
"lastModified": "2024-11-21T00:20:20.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-06T18:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://community.postnuke.com/Article2787.htm"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22983"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20897"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21218"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29992"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://community.postnuke.com/Article2787.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2707"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.750 | |
| postnuke_software_foundation | postnuke | 0.760_rc2 | |
| postnuke_software_foundation | postnuke | 0.760_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7B5757-8E02-4764-BF26-B51AB98E141F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3700514A-DB69-49F4-AB13-B9DAEB93F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B720E0CD-7975-4D56-9F09-371E742443C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php."
}
],
"id": "CVE-2005-1695",
"lastModified": "2024-11-20T23:57:55.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111670482500552\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111670482500552\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-19 23:28
Modified
2024-11-21 00:25
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.764 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.764:*:*:*:*:*:*:*",
"matchCriteriaId": "17FC27B7-4C5E-4C9B-9836-6EF55EFDDBB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilida de secuencias de comandos en sitios cruzados (XSS) en preview en la secci\u00f3n reviews en PostNuke 0.764 permite a atacantes remotos inyectar secuencias de comando web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2007-0384",
"lastModified": "2024-11-21T00:25:43.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-01-19T23:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"source": "cve@mitre.org",
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35473"
},
{
"source": "cve@mitre.org",
"url": "http://www.hackers.ir/advisories/festival.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.hackers.ir/advisories/festival.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22119"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-09 23:03
Modified
2024-11-21 00:05
Severity ?
Summary
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*",
"matchCriteriaId": "9F76566C-7F49-4725-91E6-8E2416CB7F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*",
"matchCriteriaId": "02F0F5B5-86D2-48C4-872E-3F8C38AF563C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE171CCD-6AEE-4FCB-9F45-C7CFDE84D6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BD9A00-DA61-4389-8731-B92585C2BE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*",
"matchCriteriaId": "C55DA346-A7A0-466F-90D7-CC1E7C2E9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*",
"matchCriteriaId": "DB14AEA6-00FC-4C8B-BA57-6CA7A5519493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
],
"id": "CVE-2006-0146",
"lastModified": "2024-11-21T00:05:45.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-09T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17418"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18233"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18254"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18260"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18267"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18720"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19555"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19563"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19590"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19591"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19600"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19691"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19699"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24954"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/713"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.osvdb.org/22290"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.osvdb.org/22290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.760_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B720E0CD-7975-4D56-9F09-371E742443C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750."
}
],
"id": "CVE-2005-1048",
"lastModified": "2024-11-20T23:56:28.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/14868/"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013670"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/15371"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/14868/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/15371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postboard | postboard | 2.0 | |
| postboard | postboard | 2.0.1 | |
| postnuke_software_foundation | postnuke | 0.64 | |
| postnuke_software_foundation | postnuke | 0.70 | |
| postnuke_software_foundation | postnuke | 0.71 | |
| postnuke_software_foundation | postnuke | 0.703 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postboard:postboard:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39CE2C7F-06B4-41F7-823E-1EA4063F5683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postboard:postboard:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9240838D-1251-4F67-960A-FF9888C55861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "DD378628-2AA0-4244-A4D7-8591BEB7A926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "ED90D204-84B5-4EA4-B21D-A6CE37E45CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "D14AA995-3B50-4B91-9634-0D63B0BD35EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC564FD-9700-4979-93C0-BA93E57FEF03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title."
}
],
"id": "CVE-2002-0535",
"lastModified": "2024-11-20T23:39:18.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/267936"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8881.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4559"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4561"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/267936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8881.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8884"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.760_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B720E0CD-7975-4D56-9F09-371E742443C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message."
}
],
"id": "CVE-2005-1050",
"lastModified": "2024-11-20T23:56:29.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013670"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20020"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.760_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3700514A-DB69-49F4-AB13-B9DAEB93F303",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter."
}
],
"id": "CVE-2005-0615",
"lastModified": "2024-11-20T23:55:31.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110962819232255\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2669.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1013324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110962819232255\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2669.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1013324"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-21 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.726 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.726:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E57D-A2EA-43C7-A29B-537FDE0656A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message."
}
],
"id": "CVE-2004-1956",
"lastModified": "2024-11-20T23:52:08.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10191"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108258902000472\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.waraxe.us/index.php?modname=sa\u0026id=22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15933"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.703 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC564FD-9700-4979-93C0-BA93E57FEF03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter."
}
],
"id": "CVE-2002-2015",
"lastModified": "2024-11-20T23:42:40.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.iss.net/security_center/static/8699.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/4381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0345.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.iss.net/security_center/static/8699.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/4381"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.760_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B720E0CD-7975-4D56-9F09-371E742443C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled."
}
],
"id": "CVE-2005-1049",
"lastModified": "2024-11-20T23:56:29.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18\u0026r2=1.19"
},
{
"source": "cve@mitre.org",
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14868/"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013670"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/15370"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/13075"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/13076"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18\u0026r2=1.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://digitalparadox.org/advisories/postnuke.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111298226029957\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14868/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/15370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/13075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/13076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20018"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.760_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B720E0CD-7975-4D56-9F09-371E742443C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter."
}
],
"id": "CVE-2005-1700",
"lastModified": "2024-11-20T23:57:55.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-19 23:28
Modified
2024-11-21 00:25
Severity ?
Summary
Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.764 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.764:*:*:*:*:*:*:*",
"matchCriteriaId": "17FC27B7-4C5E-4C9B-9836-6EF55EFDDBB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to \"an interesting bug.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la secci\u00f3n rating en PostNuke 0.764 tiene un impacto desconocido y vectores de ataque, relacionado con \"un bug interesante\"."
}
],
"id": "CVE-2007-0386",
"lastModified": "2024-11-21T00:25:44.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-19T23:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35471"
},
{
"source": "cve@mitre.org",
"url": "http://www.hackers.ir/advisories/festival.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.750 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7B5757-8E02-4764-BF26-B51AB98E141F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter."
}
],
"id": "CVE-2005-1694",
"lastModified": "2024-11-20T23:57:55.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111670823128472\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111670823128472\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-04 11:28
Modified
2024-11-21 00:22
Severity ?
Summary
PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.7.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8737D2D3-1A37-40DB-80AD-EA249BF56F5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message."
},
{
"lang": "es",
"value": "PostNuke 0.7.5.0, y otras versiones concretas sin importancia, permiten a atacantes remotos la obtenci\u00f3n de informaci\u00f3n sensible a trav\u00e9s de un valor no num\u00e9rico en el par\u00e1metro stop, el cual muestra la ruta en un mensaje de error."
}
],
"id": "CVE-2006-6267",
"lastModified": "2024-11-21T00:22:18.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-04T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/452283/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/452283/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30474"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-19 23:28
Modified
2024-11-21 00:25
Severity ?
Summary
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.764 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.764:*:*:*:*:*:*:*",
"matchCriteriaId": "17FC27B7-4C5E-4C9B-9836-6EF55EFDDBB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via \"unvalidated output\" in FAQ/index.php, possibly involving an undefined id_cat variable."
},
{
"lang": "es",
"value": "La secci\u00f3n faq en Postnuke 0.764 permite a atacantes remotos obtener informaci\u00f3n sensible (la ruta completa) a trav\u00e9s \"salidas no validas) en FAQ/index.php, posiblemente afectando a la variable no definida id_cat."
}
],
"id": "CVE-2007-0385",
"lastModified": "2024-11-21T00:25:43.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-19T23:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"source": "cve@mitre.org",
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"source": "cve@mitre.org",
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke\u0026r1=20350\u0026r2=20911"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35472"
},
{
"source": "cve@mitre.org",
"url": "http://www.hackers.ir/advisories/festival.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke\u0026r1=20350\u0026r2=20911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.760_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B720E0CD-7975-4D56-9F09-371E742443C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter."
}
],
"id": "CVE-2005-1699",
"lastModified": "2024-11-20T23:57:55.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111670586322172\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-24 04:00
Modified
2024-11-21 00:00
Severity ?
Summary
SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/archive/1/408818 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/14636 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/408818 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14636 | Exploit |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.76_rc4b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4b:*:*:*:*:*:*:*",
"matchCriteriaId": "B73A09B4-83C0-47DE-A199-F2A490527263",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php."
}
],
"id": "CVE-2005-2690",
"lastModified": "2024-11-21T00:00:09.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/408818"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/408818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14636"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-11-21 05:00
Modified
2024-11-20 23:36
Severity ?
Summary
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| francisco_burzi | php-nuke | 5.1 | |
| francisco_burzi | php-nuke | 5.2 | |
| francisco_burzi | php-nuke | 5.3.1 | |
| postnuke_software_foundation | postnuke | 0.64 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4C3F85-A23C-40B9-9B0F-564E7C254AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAF55C4-F0A7-4A36-B203-83670D58483F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C94B62CA-8D34-4B37-8748-1FE64F0299DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "DD378628-2AA0-4244-A4D7-8591BEB7A926",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it."
}
],
"id": "CVE-2001-0911",
"lastModified": "2024-11-20T23:36:25.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-11-21T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100638850219503\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3567"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100638850219503\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7596"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.726 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.726:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E57D-A2EA-43C7-A29B-537FDE0656A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action."
}
],
"id": "CVE-2004-2752",
"lastModified": "2024-11-20T23:54:08.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1008629"
},
{
"source": "cve@mitre.org",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.gulftech.org/01032004.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1008629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gulftech.org/01032004.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-20 22:02
Modified
2024-11-21 00:07
Severity ?
Summary
SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76FC3B0-C5DF-4BDE-9219-F548A6A597F3",
"versionEndIncluding": "0.761",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php."
}
],
"evaluatorComment": "Successful exploitation requires that the \"magic_quotes_gpc\" parameter is disabled.",
"id": "CVE-2006-0801",
"lastModified": "2024-11-21T00:07:22.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-20T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"source": "cve@mitre.org",
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18937"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/454"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24827"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-09 23:03
Modified
2024-11-21 00:05
Severity ?
Summary
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*",
"matchCriteriaId": "9F76566C-7F49-4725-91E6-8E2416CB7F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*",
"matchCriteriaId": "02F0F5B5-86D2-48C4-872E-3F8C38AF563C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BD9A00-DA61-4389-8731-B92585C2BE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*",
"matchCriteriaId": "C55DA346-A7A0-466F-90D7-CC1E7C2E9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*",
"matchCriteriaId": "DB14AEA6-00FC-4C8B-BA57-6CA7A5519493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
],
"id": "CVE-2006-0147",
"lastModified": "2024-11-21T00:05:45.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-09T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17418"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18233"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18254"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18260"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18267"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19555"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19590"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19591"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19600"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19628"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19691"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22291"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/1663"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.750 | |
| postnuke_software_foundation | postnuke | 0.760_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7B5757-8E02-4764-BF26-B51AB98E141F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B720E0CD-7975-4D56-9F09-371E742443C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module."
}
],
"id": "CVE-2005-1696",
"lastModified": "2024-11-20T23:57:55.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111670506926649\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=2691"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-20 22:02
Modified
2024-11-21 00:07
Severity ?
Summary
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.7 | |
| postnuke_software_foundation | postnuke | 0.62 | |
| postnuke_software_foundation | postnuke | 0.63 | |
| postnuke_software_foundation | postnuke | 0.64 | |
| postnuke_software_foundation | postnuke | 0.70 | |
| postnuke_software_foundation | postnuke | 0.71 | |
| postnuke_software_foundation | postnuke | 0.72 | |
| postnuke_software_foundation | postnuke | 0.73 | |
| postnuke_software_foundation | postnuke | 0.74 | |
| postnuke_software_foundation | postnuke | 0.75 | |
| postnuke_software_foundation | postnuke | 0.75_rc3 | |
| postnuke_software_foundation | postnuke | 0.76_rc4 | |
| postnuke_software_foundation | postnuke | 0.76_rc4a | |
| postnuke_software_foundation | postnuke | 0.76_rc4b | |
| postnuke_software_foundation | postnuke | 0.703 | |
| postnuke_software_foundation | postnuke | 0.721 | |
| postnuke_software_foundation | postnuke | 0.726.3 | |
| postnuke_software_foundation | postnuke | 0.761 | |
| postnuke_software_foundation | postnuke | 0.761a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7F30D2AF-1E7F-4426-8D34-84C86408CFA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "DB291E9E-3002-4A68-A3E8-B3A6FF4D4E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "8738C97F-A6A7-4EC6-84A6-D38A7D2E4E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "DD378628-2AA0-4244-A4D7-8591BEB7A926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "ED90D204-84B5-4EA4-B21D-A6CE37E45CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "D14AA995-3B50-4B91-9634-0D63B0BD35EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "170103EA-D233-41B4-AD68-4572F1E80083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "051796A2-A488-4B15-90F8-DEB1E4CC50DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2C79DB-7655-46A9-965D-5E3246E84B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7C7203-45C9-4FE4-BFB8-BF2FC3052B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.75_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "078F46F4-9F7D-4BDC-B915-11D8F11ADFC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE44C155-EDF6-4F4C-81A5-201BD561843F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4a:*:*:*:*:*:*:*",
"matchCriteriaId": "58BE1A1F-0A0C-4965-9AC2-6E547B0EE582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4b:*:*:*:*:*:*:*",
"matchCriteriaId": "B73A09B4-83C0-47DE-A199-F2A490527263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC564FD-9700-4979-93C0-BA93E57FEF03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.721:*:*:*:*:*:*:*",
"matchCriteriaId": "60750FE6-4A12-4F30-85C3-D259428537CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.726.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF825CA0-8E1C-41D0-B42B-11D03B52844E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*",
"matchCriteriaId": "C55DA346-A7A0-466F-90D7-CC1E7C2E9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761a:*:*:*:*:*:*:*",
"matchCriteriaId": "E4EB4E7B-29AF-479F-AF9C-3AE84FBDB603",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing \"\u003c\" character, which is interpreted as a \"\u003e\" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php."
}
],
"id": "CVE-2006-0800",
"lastModified": "2024-11-21T00:07:22.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-02-20T22:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18937"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/454"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://news.postnuke.com/index.php?name=News\u0026file=article\u0026sid=2754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/16752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24823"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.750 | |
| postnuke_software_foundation | postnuke | 0.760_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7B5757-8E02-4764-BF26-B51AB98E141F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3700514A-DB69-49F4-AB13-B9DAEB93F303",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter."
}
],
"id": "CVE-2005-0617",
"lastModified": "2024-11-20T23:55:31.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110962710805864\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2669.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1013324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110962710805864\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2669.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1013324"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-02 11:28
Modified
2024-11-21 00:22
Severity ?
Summary
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.76_rc4 | |
| postnuke_software_foundation | postnuke | 0.76_rc4a | |
| postnuke_software_foundation | postnuke | 0.76_rc4b | |
| postnuke_software_foundation | postnuke | 0.760_rc2 | |
| postnuke_software_foundation | postnuke | 0.760_rc3 | |
| postnuke_software_foundation | postnuke | 0.760_rc4 | |
| postnuke_software_foundation | postnuke | 0.761 | |
| postnuke_software_foundation | postnuke | 0.761a | |
| postnuke_software_foundation | postnuke | 0.762 | |
| postnuke_software_foundation | postnuke | 0.763 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE44C155-EDF6-4F4C-81A5-201BD561843F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4a:*:*:*:*:*:*:*",
"matchCriteriaId": "58BE1A1F-0A0C-4965-9AC2-6E547B0EE582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4b:*:*:*:*:*:*:*",
"matchCriteriaId": "B73A09B4-83C0-47DE-A199-F2A490527263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3700514A-DB69-49F4-AB13-B9DAEB93F303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B720E0CD-7975-4D56-9F09-371E742443C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "04899497-8B17-4428-9E60-EF8FDEA5F966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*",
"matchCriteriaId": "C55DA346-A7A0-466F-90D7-CC1E7C2E9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761a:*:*:*:*:*:*:*",
"matchCriteriaId": "E4EB4E7B-29AF-479F-AF9C-3AE84FBDB603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.762:*:*:*:*:*:*:*",
"matchCriteriaId": "11B4716F-F173-4026-87C2-A3A97DA0CB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.763:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB8EA0A-1A5C-4B3D-9697-762FF044BF34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Downloads para versiones desconocidas de PostNuke permite a un atacante remoto ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro lid en una operaci\u00f3n viewdownloaddetails. NOTA: este asunto pudo haber estado en la funci\u00f3n viewdownloaddetails en dl-downloaddetails.php, pero PostNuke 0.764 no parece tener este asunto."
}
],
"id": "CVE-2006-6233",
"lastModified": "2024-11-21T00:22:13.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-02T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1952"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/437832/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/437832/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.726 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.726:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E57D-A2EA-43C7-A29B-537FDE0656A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module."
}
],
"id": "CVE-2004-1949",
"lastModified": "2024-11-20T23:52:07.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108256503718978\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2580.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11386"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1009801"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5368"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5369"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10146"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15869"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108256503718978\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2580.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1009801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15875"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.7 | |
| postnuke_software_foundation | postnuke | 0.62 | |
| postnuke_software_foundation | postnuke | 0.63 | |
| postnuke_software_foundation | postnuke | 0.64 | |
| postnuke_software_foundation | postnuke | 0.70 | |
| postnuke_software_foundation | postnuke | 0.71 | |
| postnuke_software_foundation | postnuke | 0.703 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7F30D2AF-1E7F-4426-8D34-84C86408CFA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "DB291E9E-3002-4A68-A3E8-B3A6FF4D4E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "8738C97F-A6A7-4EC6-84A6-D38A7D2E4E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "DD378628-2AA0-4244-A4D7-8591BEB7A926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "ED90D204-84B5-4EA4-B21D-A6CE37E45CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "D14AA995-3B50-4B91-9634-0D63B0BD35EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC564FD-9700-4979-93C0-BA93E57FEF03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php."
}
],
"id": "CVE-2002-1996",
"lastModified": "2024-11-20T23:42:37.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0288.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0299.html"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=524777\u0026group_id=27927\u0026atid=392228"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.iss.net/security_center/static/8605.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/4350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0288.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0299.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=524777\u0026group_id=27927\u0026atid=392228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.iss.net/security_center/static/8605.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/4350"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-31 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=111721364707520&w=2 | Exploit, Mailing List | |
| cve@mitre.org | http://news.postnuke.com/Article2691.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=111721364707520&w=2 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://news.postnuke.com/Article2691.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.750 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7B5757-8E02-4764-BF26-B51AB98E141F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter."
}
],
"id": "CVE-2005-1778",
"lastModified": "2024-11-20T23:58:06.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-31T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2691.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2691.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.62 | |
| postnuke_software_foundation | postnuke | 0.63 | |
| postnuke_software_foundation | postnuke | 0.64 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "DB291E9E-3002-4A68-A3E8-B3A6FF4D4E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "8738C97F-A6A7-4EC6-84A6-D38A7D2E4E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "DD378628-2AA0-4244-A4D7-8591BEB7A926",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter."
}
],
"id": "CVE-2001-1521",
"lastModified": "2024-11-20T23:37:53.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/245691"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/82/243545"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/7654.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/245691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/82/243545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/7654.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3609"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-24 04:00
Modified
2024-11-21 00:00
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/archive/1/408818 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/14635 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/408818 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14635 | Exploit |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.76_rc4b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.76_rc4b:*:*:*:*:*:*:*",
"matchCriteriaId": "B73A09B4-83C0-47DE-A199-F2A490527263",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php."
}
],
"id": "CVE-2005-2689",
"lastModified": "2024-11-21T00:00:09.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-08-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/408818"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/408818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14635"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-31 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.750 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7B5757-8E02-4764-BF26-B51AB98E141F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter."
}
],
"id": "CVE-2005-1777",
"lastModified": "2024-11-20T23:58:06.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-31T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2691.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111721364707520\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://news.postnuke.com/Article2691.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014066"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D75B11-2416-4E63-9F2D-C2AD5CA5CAB5",
"versionEndIncluding": "0.723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php."
}
],
"id": "CVE-2003-1537",
"lastModified": "2024-11-20T23:47:23.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.722 | |
| postnuke_software_foundation | postnuke | 0.723 | |
| postnuke_software_foundation | postnuke | 0.726 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.722:*:*:*:*:*:*:*",
"matchCriteriaId": "44D17AC0-46DE-4B86-9105-BA50FC178B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.723:*:*:*:*:*:*:*",
"matchCriteriaId": "FA866ACE-37FE-40FC-843D-FDFE65ECCE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.726:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E57D-A2EA-43C7-A29B-537FDE0656A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter."
}
],
"id": "CVE-2004-2751",
"lastModified": "2024-11-20T23:54:08.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://community.postnuke.com/Article2535.htm"
},
{
"source": "cve@mitre.org",
"url": "http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1008629"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.gulftech.org/01032004.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3334"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://community.postnuke.com/Article2535.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1008629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gulftech.org/01032004.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11500"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-10-13 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postnuke_software_foundation | postnuke | 0.62 | |
| postnuke_software_foundation | postnuke | 0.63 | |
| postnuke_software_foundation | postnuke | 0.64 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "DB291E9E-3002-4A68-A3E8-B3A6FF4D4E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "8738C97F-A6A7-4EC6-84A6-D38A7D2E4E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "DD378628-2AA0-4244-A4D7-8591BEB7A926",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter."
}
],
"id": "CVE-2001-1460",
"lastModified": "2024-11-20T23:37:44.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-10-13T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/921547"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/3435"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/921547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/3435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7280"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}