Filtered by vendor Postnuke Software Foundation
Subscriptions
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1049 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled. | ||||
| CVE-2005-1694 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter. | ||||
| CVE-2005-1695 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php. | ||||
| CVE-2005-1699 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter. | ||||
| CVE-2005-1700 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter. | ||||
| CVE-2006-0801 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. | ||||
| CVE-2006-4968 | 1 Postnuke Software Foundation | 1 Pnphpbb | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2005-1621 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | N/A |
| Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php. | ||||
| CVE-2001-0911 | 2 Francisco Burzi, Postnuke Software Foundation | 2 Php-nuke, Postnuke | 2025-04-03 | N/A |
| PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. | ||||