iSecureLabs Security Advisory - Cabezon Aurelien has discovered a vulnerability in the Network Tool 0.2 Addon for PHPNuke that allows remote users to run arbitrary commands with the privileges of the httpd daemon, thanks to the failure of the addon to filter shell meta-characters.
793e2c2c5f0e428af223241b631f0f5aa4c00fbb72c90e0e4b899fb9bbc0d1f1
iSecureLabs Security Advisory - Cabezon Aurelien has discovered a reverse directory traversal vulnerability in the Gallery Addon for PHPNuke that allows users to view arbitrary files on the remote system that are owned or readable by the httpd daemon.
fb56723b90987185c743733ccbeb618508f8f8601f8af9aefd50e2cfd6a70c9d