Vulnerabilities > Francisco Burzi
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-04-19 | CVE-2006-1846 | Input Validation vulnerability in Francisco Burzi PHP-Nuke 7.8 Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. network francisco-burzi | 4.3 |
2006-02-28 | CVE-2006-0908 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8Patched3.2 PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. | 7.5 |
2006-02-28 | CVE-2006-0907 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. | 7.5 |
2006-02-21 | CVE-2006-0805 | Unspecified vulnerability in Francisco Burzi PHP-Nuke The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. | 7.5 |
2006-02-16 | CVE-2006-0679 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.8 SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). | 7.5 |
2006-02-13 | CVE-2006-0676 | Cross-Site Scripting vulnerability in PHPNuke Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. network francisco-burzi | 4.3 |
2006-01-11 | CVE-2006-0163 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.7R1 SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. | 7.5 |
2005-12-31 | CVE-2005-4715 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. | 7.5 |
2005-12-15 | CVE-2005-4260 | Unspecified vulnerability in Francisco Burzi PHP-Nuke Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. network francisco-burzi | 4.3 |
2005-11-24 | CVE-2005-3792 | SQL Injection vulnerability in PHPNuke Search Module Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. | 7.5 |