Filtered by vendor Francisco Burzi
Subscriptions
Filtered by product Php-nuke
Subscriptions
Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1547 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. | ||||
| CVE-2004-0265 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. | ||||
| CVE-2004-0731 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. | ||||
| CVE-2004-0732 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter. | ||||
| CVE-2004-0738 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. | ||||
| CVE-2004-1912 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2025-04-03 | N/A |
| The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. | ||||
| CVE-2004-1817 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. | ||||
| CVE-2004-1830 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. | ||||
| CVE-2004-1839 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | ||||
| CVE-2004-1914 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2025-04-03 | N/A |
| SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. | ||||
| CVE-2003-1526 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. | ||||
| CVE-2004-1840 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. | ||||
| CVE-2004-1930 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. | ||||
| CVE-2004-1999 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. | ||||
| CVE-2002-2032 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. | ||||
| CVE-2005-1001 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message. | ||||
| CVE-2004-2019 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. | ||||
| CVE-2004-2294 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2004-2295 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. | ||||
| CVE-2004-1998 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. | ||||