SGallery version 1.01 suffers from path disclosure, file inclusion, and SQL injection bugs.
63e83634fdc1f28b76fb5d6c48aae1837f5ddd74bbe1b90923816331b5dbc867
The Event Calendar module for PHP-Nuke suffers from cross site scripting, path disclosure, SQL injection, and script insertion attacks.
a36efcbb8d52ca32bb59f65773b5a67d142f0908a7cc7268b38847facdb0b68d
A SQL injection bug exists in Phorum versions 5.0.12 and below. Exploitation example given.
273145d61ee5d47316156922e22a25efedd2e1f51e7919932c33fb24ac3b2ffe
The third advisory in a three part series discussing more flaws in PHP Nuke ranging from full patch disclosure and cross site scripting to SQL injection attacks.
09c091f1f233ed1902d0aa74ac5da411fb080ada57495aec27ef66ae17793c0f
PHP Nuke versions 6.x through 7.3 suffer from cross site scripting and SQL injection flaws.
70f19d1381815ef51a0a74bdb7a4451ff7d7ed90c0e356680bec2079856ee621
PHPBB 2.0.8 is susceptible to full patch disclosure and cross site scripting vulnerabilities.
371b61e8aff45c61219490cd0843e2dbc477151643dbfbae0bf932f620e3e71b
PHP-Nuke versions 6.x - 7.3 suffer from multiple cross site scripting flaws and one SQL injection attack.
91617b0086be744417da762ae75a78ca3a9666abf5c6dfe2b7512cbada4af510
e107 version 0.615 is vulnerable to full path disclosure, cross site scripting, remote file inclusion, and multiple SQL injection attacks.
4648aabab47f7963e174173f3f04af7209fa7f43cb1be7217a8b81b3f861061f
PHP-Nuke versions 6.x to 7.3 allow for possible file inclusion.
4d43d506de22ba54c5b3d72da244b7c2d217bc83ffb12200388c179db7006a74
The Nuke jokes module for PHPNuke is susceptible to path disclosure, cross site scripting, and SQL injection attacks.
2c563bf041f397f2368286aa9f5f303cec749c7907a27ee19b36a9362644cb89
PHP-Nuke version 6.x through 7.2 suffer from various SQL injection and cross site scripting vulnerabilities.
ad379be5f5c68b56e0ab441f91d7a6268421e39c8a16990e45fab5dbff03f558
Multiple vulnerabilities in Coppermine Photo Gallery version 1.2.2b for PhpNuke. These range from small flaws like path disclosure, cross site scripting, and arbitrary directory browsing, to remote command execution on the underlying server.
7415e5415321c84c93f3ecfdfa2f75966b919e898dbdd4cc97a03587a1583d66
Network Query Tool version 1.6 suffers from a cross site scripting and full path disclosure vulnerability.
fa1523d9e83ebd95e254ed0fdedcdbbee7fbc285f5cf83a0945a61cc86b6c446
PostNuke 0.726 Phoenix is susceptible to multiple path disclosure and cross site scripting vulnerabilities.
2421cfda93e82828c31ba0e759ac8a875641a6177c67906a0428a997b7c95c75
The phprofession 2.5 module for PostNuke is susceptible to path disclose, cross site scripting, and possible SQL injection attacks.
f1afb06444f45b473086acaefc01e5542aee6857caf546dc7aeb916bde1b06e2
Remote exploit that makes use of a SQL injection vulnerability in Phorum version 3.4.7.
9f4cf79038884aae5dcd94f78963562f26d6d2bddc3d43b27874e515c90298cb
A critical SQL injection bug exists in Phorum version 3.4.7 that allows a remote attacker to view sensitive data. The problem code lies in userlogin.php.
9a6afe98513c69946e7f30f31b5b192c8e6123e0b8371ba1df208f890ff5610d
Cross site scripting bugs exist in PHP-Nuke versions 6.x through 7.2.
0da992c6bc892cac7f6b99a84635a87953f1c508e250c836c2ccfb9e521244ce
PHP-Nuke versions 6.x through 7.2 have a flaw that allows for administrator level authentication bypass.
e506b19ed8619a63fd70561c25235584398ff9dd2637205db300cc42e775de9e
PHP-Nuke versions 6.x through 7.2 have a flaw that allows for user level authentication bypass.
24b939d8a82382eed2da1caaffa8502f8d77754e47102fee8be0407d1a625590
NukeCalendar version 1.1.a, the PHP-Nuke Calendar Module, suffers from SQL injection, cross site scripting, and full path disclosure flaws.
9ed68b9089dd4b93ef762cb223c7d26e800b51eb979692145d29e2422ab62f3f
AzDGDatingLite version 2.1.1 is susceptible to cross site scripting attacks.
e325332f1004ce749d1d099b4a55c1d8ed2f024bc85f8b126169bb5fcd844b80
A SQL injection vulnerability in PHPBB versions 2.0.8 and below allows an attacker the ability to extract the administrator password hash.
79435b6428a517c7a224d8c38bddd4759ed0c9fd6cec34a473af09fcbbf5d078
Multiple SQL injection and cross site scripting vulnerabilities lie in XMB 1.8 Partagium SP3 and 1.9 Nexus Beta. Full exploitation syntax given.
bd4cabcfa43f68af65bfece48818f4435386a8180e4f61c0fdeb6b20508d212d
PHP-Nuke versions 6.x through 7.1.0 allow for link inclusions that can force an administrator to unknowingly add a superuser.
31cc6559f4c7a91a97c76521c220fd991009d04a5c2dbeddbe787fadbdf0b497